Guide to General Data Protection Regulation (GDPR)
GDPR is data protection legislation that applies to all European Union countries and the UK. The law came into force on 25 May 2018.
In this guide we explain how GDPR applies to voluntary organisations and what you need to know about the legislation to ensure your organisation complies with the rules.
With the rise of the Information Age, each of us creates large volumes of personal data through our online activities. GDPR was brought in to provide greater rights and protections against individuals, companies, corporations and governments that might otherwise use personal data in harmful ways.
The Information Commissioner’s Office (ICO) is the regulatory body responsible for enforcing GDPR and is the main authority for information about data protection and security in the UK.
The ICO defines personal data as ‘information that relates to an identified or identifiable individual.’ Types of personal information range from name and birth date to an IP address, cookies and any other information that can be used to identify an individual.
In brief, GDPR enforces four data protection rights:
The penalties for breaching GDPR are serious and can result in hefty fines meted out by the ICO.
Read more about how GDPR breaches and fines can impact organisations at Charity Digital.
NCVO published an interesting blog post about their interpretation of the ICO’s guidance and how useful they think it is for voluntary organisations.