What is personal data?
The ICO defines personal data as ‘information that relates to an identified or identifiable individual.’ Types of personal information range from name and birth date to an IP address, cookies and any other information that can be used to identify an individual.
In brief, GDPR enforces four data protection rights:
- Your right to object to your data being processed for a number of commercial and research uses.
- Your right to rectification if the information about you is incorrect or incomplete.
- Your right to erasure (right to be forgotten).
- Your right to restrict processing of your data that a company or an organisation is holding.
What do I need to do?
- Watch our online training videos below, along with accompanying Guides and Resources.
- Take the ICO’s data protection self-assessment for small organisations. The process will enable you to get to grips with the principles of GDPR and ensure you don’t unintentionally break the law when collecting, holding and processing personal data.
- Ensure your organisation’s website has a privacy notice that clearly explains what personal data your organisation collects, and how it is used. Our privacy notice is here.
- Use GDPR-compliant marketing and communications tools, such as Mailchimp, that give subscribers the option to control how you use their data in your marketing activities.
Fines for breaching GDPR
The penalties for breaching GDPR are serious and can result in hefty fines meted out by the ICO.
Read more about how GDPR breaches and fines can impact organisations at Charity Digital.
How we can help you stay compliant
Check out our online video workshops taking you through the theory and practical steps needed to comply with the GDPR.
We have put together some practical guidance on GDPR with three exercises and help with drafting a privacy policy. Download these documents here:
- GDPR data audit compliance check
- Drafting a privacy policy
- GDPR: what now? Practical steps to remain compliant with the GDPR.
NCVO published an interesting blog post about their interpretation of the ICO’s guidance and how useful they think it is for voluntary organisations.
Helpful links and resources
Guide to the UK General Data Protection Regulation (UK GDPR)
The Voluntary Arts Guide to GDPR
12 frequently asked questions for charities