Latest Resources

Whatever security measures you might have in place, you can never be 100% safe from a breach. A breach could lead to an investigation from the regulator, resulting in potential enforcement action against your organisation. Being prepared is essential.

Privacy notices help the people who you process personal data about understand why and what you do with their information. The GDPR specifies what must be included and how they should be written.

Our guidance addresses some common themes for data protection in the voluntary and community sector. We've created some templates as a starting point for you to work with.

It is a legal requirement of the General Data Protection Regulation (GDPR) to keep a clear record of your processing activities. This resource explains what to do and provides templates for you to get started.

A number of common scenarios and questions that we have received on GDPR and data protection.

More resources on GDPR and data protection, including sub-sector specific information.

Legitimate interests is one of six lawful basis set out in the GDPR to justify the processing of personal data (data relating to an individual from which that individual can be identified).

Your first steps to understanding and complying with data protection laws. This guide focuses on what you need to know and focus on now, with signposting to more practical advice and resources.

A GDPR jargon-buster that covers the key topics in data protection.

Protect your organisation from the most common threats by following the National Cyber Security Centre's guide for small charities.