The GDPR is a new European law that has been introduced to improve and unify data protection across the EU. The Data Protection Act (2018) has updated UK legislation in line with the GDPR. The Information Commissioner’s Office (ICO) regulates the implementation of the GDPR in the UK.
Any organisation that processes personal data of EU citizens will be required to comply with the GDPR, regardless of where the organisation is based globally, so the fact that the UK is due to leave the EU does not mean that the GDPR will not apply to UK organisations in the future.
Whatever size or structure your organisation is, if it collects and uses personal data (such as contact details) from donors, beneficiaries, volunteers, staff or any other individuals, the GDPR is likely to apply to you. It imposes specific legal responsibilities on those that are defined as ‘data controllers’ or ‘data processors’, so it’s important that you determine whether your organisation meets the criteria for either or both of those definitions.
How WCVA can help you with GDPR compliance and data protection:
- Free #Desktopdata webinars, developed with the ICO to address a range of essential topics for GDPR compliance
- A GDPR toolkit of templates produced in partnership with Hugh James solicitors
- A short film to raise awareness about the GDPR
- An information sheet providing detailed guidance on the GDPR and the changes it has introduced
The toolkit is a package of GDPR templates and guidance that organisations can use to create their own policies and procedures. The toolkit includes:
- Privacy notice template
- Data Protection policy template
- Data Protection Impact Assessment template
- Bring your own device for trustees and volunteers policy template
- Data Retention guidelines for Human Resources data
- GDPR compliance checklist
- The lawful bases guidance
The toolkit is available for free exclusively for voluntary organisations based in Wales.
If you would like to receive a copy of the documents, please email us at firstname.lastname@example.org.
#Desktop Data – Preparing your for GDPR
GDPR is a 21st century approach to data protection, it aims to provide more protection for individuals and therefore more privacy obligations for organisations.
Here’s our series of #DesktopData webinars to prepare you for the new changes to #GDPR.
June 2017 – Fundraising and Data Protection
July 2017 – Cyber Security
August 2017 – Privacy Notices & Consent
September 2017 – Privacy and Electronic Communications Regulations 2003 (PECR)
October 2017 – Subject Access Requests
November 2017 – Data Protection for Trustees
December 2017 – Privacy by Design
January 2018 – Data Sharing
February 2018 – CCTV
March 2018 – Contracts, Liabilities and GDPR
April 2018 – GDPR…..One month to go!