What is GDPR? GDPR replaces the Data Protection Act 1998 (DPA). It aims to standardise the way Personally Identifiable Information (PII) is handled by Data Controllers (i.e. organisations that collect personal data) and Data Processors (i.e. third parties you share data with). Ultimately it gives control and ownership of data back to the individual. In terms of compliance, this is what you should adhere to now; however, it is not enforced until 25 May 2018.
Check out this resource pack developed by the ICO for smaller organisations, and also the training available from the FSI (Swindon, 31st January, and London, 20th February). The 25th May isn’t far away, so get ready, and also check out Elizabeth Denham’s latest Blog.
Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are a few new elements and significant enhancements, so you will have to do some things for the first time and some things differently. Start preparing by taking these first 12 steps.
GDPR is coming, and it is great news that the Institute of Fundraising has produced a Guide to help charities understand the impacts: GDPR Essentials
NCVO have produced a handy 12 step guide for preparing for GDPR: ‘How to Prepare for GDPR and Data Protection Reform’
Also valuable is their recent GDPR webinar, now available to view on YouTube: ‘What Does GDPR Mean for your charity’
Charity cloud-software partner Blackbaud Europe has released a new 12-page handbook to help non-profits understand the implications of GDPR for their organisations.
‘The GDPR Handbook for Non-Profits’ runs through the main differences between the new regulation and existing laws, gives advice on the first steps non-profits should take, and explains how governance and technology underpin compliance with the new data protection legislation. GDPR Handbook.
Also of interest is the recording of their recent one-hour webinar, ‘Communicating Privacy Practices to Donors’
Documents of interest
- Overview of GDPR
- Take the ‘Getting Ready for GDPR’ Checklist on the ICO site – it will give you a report on what you need to do.
- Read GDPR 12 Steps to Take Now
Note the Consent Guidance is due to be finalised in December 2017 but you can see a draft of the Guidance here.
Overview of the General Data Protection Regulation (GDPR)
This overview highlights the key themes of the General Data Protection Regulation (GDPR) to help organisations understand the new legal framework in the EU. It explains the similarities with the existing UK Data Protection Act 1998 (DPA), and describes some of the new and different requirements. It is for those who have day-to-day responsibility for data protection.
This is a living document and will be expanded in key areas. It includes links to relevant sections of the GDPR itself, to other ICO guidance and to guidance produced by the EU’s Article 29 Working Party. The Working Party includes representatives of the data protection authorities from each EU member state, and the ICO is the UK’s representative.
Blog: Andrew Cross, Data and Insights Lead at Lightful. This blog gives a brief overview of the following key areas: data controllers vs processors, what you can do starting today, and consent. We will get further, more detailed information on these and other areas of GDPR, but this is a good read to get you started and thinking about how this will affect your charity.
The General Data Protection Regulation comes into force on 25 May 2018. The Data Protection Bill gives more detail of the reforms beyond the GDPR. In a series of blogs by Elizabeth Denham (Information Commissioner), she busts a series of myths that have surfaced over the last few months – interesting reading: