The General Data Protection Regulations (GDPR) come into force on 25 May 2018.
To assist our clients in understanding what was required under this legislation, Dafferns LLP and Band Hatton Button held a seminar in February which was very well attended. However there is still concern that many smaller charities are still not fully aware of what is required of them.
The key misconception of many Charities has been that the legislation relates solely to Fundraising activities. The legislation is more wide sweeping than this and covers data held for employees, volunteers, beneficiaries, tenants etc…
Simply, if you are holding personal data about an individual you will be caught by this legislation.
Charities need to consider:
- Balancing their interests with the rights of the individual whose data is held
- What data is currently held; if you don’t know what you have how can you be sure it’s needed?
- Understanding the purpose for which the data is held and the implication of any changes to this purpose
- Holding only the data that is required and nothing more just in case
- Rigour of current data storage systems; are systems appropriate and are they secure?
Recent months have seen a lot of online articles and advice including:
The Information Commissioner’s Office have provided and overview of what GDPR is: Click here
The Charity Finance Group’s nifty 52 page guidance on “GDPR A guide for Charities”: Click here