Introduction
The EU General Data Protection Regulation (GDPR) will increase privacy for individuals and give regulatory authorities greater powers.
VAC has produced a series of briefings, starting with an introduction and leading to practical guidance for local organisations and has run a series of workshops in Feb/March 2018.
Data protection law will change from 25 May 2018, when the EU General Data Protection Regulation (GDPR) comes into force, giving enhanced protection of individuals’ data.
For practical high-level tips, see ICO’s guide to the 12 steps to take now. Among other changes, the GDPR gives a much tighter definition of consent.
It’s worth saying that much of the debate and discussion in the sector and the media has been dominated by fundraising and whether doners will decide to opt in or opt out.
NCVO have an interesting blog post that sets out current thinking by the sectors main umbrella body.
Briefings
Presentations and Handouts from VAC’s GDPR Workshops
VAC ran 3 workshops on GDPR in February and March 2018. You can download the presentations and handouts below:
3 Exercise 2 Rights and Privacy
5 GDPR Data Audit & Compliance Check
GDPR audit spreadsheet which has two worked examples to help get you started.
https://vac.org.uk/wp-content/uploads/2018/03/GDPR-Data-Audit-Compliance-Check.xlsx
Links and Resources
The Information Commissioner’s Office (ICO)
The Information Commissioner’s Blog – a series of blog posts exploding myths about GDPR
GDPR—The-Change-That-Charity-Donors-Want—nfpSynergy-report-July-2017-1-
The Voluntary Arts guide to GDPR is a straightforward guide to the General Data Protection Regulation aimed at small arts organisations but applicable to any small organisation. It has good advice on making sure newsletters, mailing lists and data bases are all GDPR complaint. You can download it here.
Latest ICO Guidance
The ICO published its main guidance, which is aimed at all organisations, in November 2017.
The ICO has now published 12 frequently asked questions for charities, which draws on wider guidance to GDPR and directs users to other resources, such as the ICO’s self-assessment tool and its dedicated advice line for small organisations.