Helping you with GDPR and Data Protection compliance

The GDPR is a new European law that has been introduced to improve and unify data protection across the EU. The Data Protection Act (2018) has updated UK legislation in line with the GDPR. The Information Commissioner’s Office (ICO) regulates the implementation of the GDPR in the UK.

Any organisation that processes personal data of EU citizens will be required to comply with the GDPR, regardless of where the organisation is based globally, so the fact that the UK is due to leave the EU does not mean that the GDPR will not apply to UK organisations in the future.

Whatever size or structure your organisation is, if it collects and uses personal data (such as contact details) from donors, beneficiaries, volunteers, staff or any other individuals, the GDPR is likely to apply to you. It imposes specific legal responsibilities on those that are defined as ‘data controllers’ or ‘data processors’, so it’s important that you determine whether your organisation meets the criteria for either or both of those definitions.

How WCVA can help you with GDPR compliance and data protection:

  • Free #Desktopdata webinars, developed with the ICO to address a range of essential topics for GDPR compliance
  • A GDPR toolkit of templates produced in partnership with Hugh James solicitors
  • A short film to raise awareness about the GDPR
  • An information sheet providing detailed guidance on the GDPR and the changes it has introduced

You can also catch up with our #GDPRsk twitter chat, or watch our short animated film A quick guide to GDPR for the Third Sector.

GDPR toolkit

The toolkit is a package of GDPR templates and guidance that organisations can use to create their own policies and procedures. The toolkit includes:

  • Privacy notice template 
  • Data Protection policy template
  • Data Protection Impact Assessment template
  • Bring your own device for trustees and volunteers policy template
  • Data Retention guidelines for Human Resources data
  • GDPR compliance checklist
  • The lawful bases guidance

The toolkit is available for free exclusively for voluntary organisations based in Wales. 

If you would like to receive a copy of the documents, please email us at

Useful Links 

ICO guidance for charities and small businesses

Institute of Fundraising GDPR guidance  

Charity Finance Group guide to GDPR

#Desktop Data – Preparing your for GDPR

GDPR is a 21st century approach to data protection, it aims to provide more protection for individuals and therefore more privacy obligations for organisations.

Here’s our series of #DesktopData webinars to prepare you for the new changes to #GDPR.

May 2017 – 12 steps to help your organisation prepare for GDPR

June 2017 – Fundraising and Data Protection

July 2017 – Cyber Security

August 2017 – Privacy Notices & Consent

September 2017 – Privacy and Electronic Communications Regulations 2003 (PECR)

October 2017 – Subject Access Requests

November 2017 – Data Protection for Trustees

December 2017 – Privacy by Design

January 2018 – Data Sharing

February 2018 – CCTV

March 2018 – Contracts, Liabilities and GDPR

April 2018 – GDPR…..One month to go!


Category | Safeguarding |

Data Protection and Safeguarding

Category | GDPR & data protection |

GDPR and Data Protection

More resources