GDPR and Charity Data
The EU’s General Data Protection Regulation (GDPR) comes into force in the UK in May 2018. This guide is designed to help leaders in the third sector devise a strategy for GDPR adoption.
GDPR replaces the existing data protection regime and necessitates a number of changes to how most third sector organisations, and large charities in particular, collect, store and process the personal data of users and supporters.
GDPR finally brings data protection regulation into the age of cloud computing. It democratises privacy concerns by mandating clear, plain-English guidelines for how to collect, store and use personal data, and by insisting that organisations use similarly transparent language to obtain consent and communicate how they’re going to use people’s data.
The organisations that lead the way in successfully and visibly implementing procedures and policies which comply with GDPR, in both spirit and letter, will send a strong signal to stakeholders, supporters, potential supporters and the wider public that they take people’s digital rights and freedoms seriously.
GDPR and Charity Data answers the most important GDPR questions for charity leaders, including:
• What is GDPR?
• How does GDPR define personal data?
• Why is consent so important under GDPR?
• What are Privacy Information Notices and how should they be presented?
• What is a personal data breach and how should you respond to one?
• What are Subject Access Requests and Privacy Impact Assessments?
• What are the consequences of not complying with GDPR?
The guide also provides a list of recommended actions for charities beginning their journey towards GDPR-readiness.