Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25th May 2018.
Why does it matter?
Data protection legislation places a duty on organisations to be fair, transparent and accountable, and to ensure all data they handle or store is up to date. It covers everyone about whom you keep personal data. Personal data in this regard refers to any information which could identify or relate to an individual. This might include information you hold on your employees, volunteers, members, supporters and other contacts.
- Requires organisations to register with the Information Commissioner’s Office, unless you are exempt.
- Governs the processing of personal data including ‘personal sensitive data’.
- Requires organisations to comply with eight data protection principles.
- Allows employees, service users and other contacts to request to see the personal data held on them.
Every organisation should have a written policy and procedure, specific to its context, covering how it handles personal data and enacts privacy principles.
How can you prepare?
It’s important you make sure your organisation is, in the first instance, fully compliant with the Data Protection Act 1998, and then work towards compliance with the General Data Protection Regulation, which will replace the Act on 25th May 2018.
There are financial and reputational risks associated with failure to comply with GDPR, so it’s important to make sure your organisation, and in particular your Directors or Trustees, is aware of the changes in the law and supports you in your work towards compliance.
There are lots of helpful resources and guides available to organisations from the Information Commissioner’s Office website, as well as resources specifically for charities from NCVO, to help you prepare for GDPR. So instead of us attempting to become experts on Data Protection, here are our top 10 articles and resources from the experts for our members:
- A Guide to Data Protection, Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-data-protection/
- A Guide to GDPR, Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
- An overview of Data Protection for charities including a recorded webinar, NCVO: https://www.ncvo.org.uk/practical-support/information/data-protection
- Data Protection Self-Assessment Toolkit, Information Commissioner’s Office: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
- GDPR Frequently Asked Questions, Information Commissioner’s Office: https://ico.org.uk/for-organisations/business/guide-to-the-general-data-protection-regulation-gdpr-faqs/
- Find out if you are exempt from registering with the ICO, Information Commissioner’s Office: https://ico.org.uk/for-organisations/register/self-assessment/
- Preparing for GDPR - 12 Steps to Take Now, Information Commissioner’s Office: https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
- 12-point plan for preparing for GDPR for charities, NCVO: https://knowhownonprofit.org/how-to/how-to-prepare-for-gdpr-and-data-protection-reform
- Guidance on writing a Data Protection Policy (for charities), NCVO [only available to NCVO members]: https://knowhownonprofit.org/tools-resources/hr-policies/data-protection AND/OR GDPR Compliant Policy, Bates Wells Braithwaite: https://getlegal.bwbllp.com/products/gdpr-friendly-data-protection-policy
- Telephone Advice Service for small organisations, Information Commissioner’s Office: https://ico.org.uk/global/contact-us/advice-service-for-small-organisations/
We are busy at CTA ensuring that our organisation is also compliant with GDPR by May and we are specifically consulting the Information Commissioner’s Office for further advice on organisations delivering MiDAS training through CTA. We will be in touch with these organisations in the New Year.
If you have any questions on the General Data Protection Regulation or Data Protection more generally, please take advantage of the Information Commissioner’s Office’s Advice Service Helpline by phoning 0303 123 1113 and selecting option 4 to be diverted to staff who can offer support on Data Protection.
For information on accessible versions of the helpline, or to access the service in Welsh, please see here: https://ico.org.uk/global/contact-us/helpline/.