The GDPR is a new European law that has been introduced to improve and unify data protection across the EU. The Data Protection Act (2018) has updated UK legislation in line with the GDPR. The Information Commissioner’s Office (ICO) regulates the implementation of the GDPR in the UK.
Any organisation that processes personal data of EU citizens will be required to comply with the GDPR, regardless of where the organisation is based globally, so the fact that the UK is due to leave the EU does not mean that the GDPR will not apply to UK organisations in the future.
Whatever size or structure your organisation is, if it collects and uses personal data (such as contact details) from donors, beneficiaries, volunteers, staff or any other individuals, the GDPR is likely to apply to you. It imposes specific legal responsibilities on those that are defined as ‘data controllers’ or ‘data processors’, so it’s important that you determine whether your organisation meets the criteria for either or both of those definitions.
How WCVA can help you with GDPR compliance and data protection:
- Free #Desktopdata webinars, developed with the ICO to address a range of essential topics for GDPR compliance
- A GDPR toolkit of templates produced in partnership with Hugh James solicitors
- A short film to raise awareness about the GDPR
- An information sheet providing detailed guidance on the GDPR and the changes it has introduced
You can also catch up with our #GDPRsk twitter chat, or watch our short animated film A quick guide to GDPR for the Third Sector.
The toolkit is a package of GDPR templates and guidance that organisations can use to create their own policies and procedures. The toolkit includes:
- Privacy notice template
- Data Protection policy template
- Data Protection Impact Assessment template
- Bring your own device for trustees and volunteers policy template
- Data Retention guidelines for Human Resources data
- GDPR compliance checklist
- The lawful bases guidance
The toolkit is available for free exclusively for voluntary organisations based in Wales.
If you would like to receive a copy of the documents, please email us at firstname.lastname@example.org.
ICO guidance for charities and small businesses
Institute of Fundraising GDPR guidance