News from: Reading Voluntary Action
In preparation for the GDPR coming into force, here are 3 top tips for charities and community groups:
1. Don’t panic, but do make a plan
Yes, everyone is talking about GDPR and how the law around data protection will become stricter after 25 May, but please don’t panic. First things first, it’s an evolution not a revolution in data protection law. This means that if you already have good data protection practices in place, then it’s just about enhancing what you already do. So take a step, review what you are already doing and make a plan for any tweaks you need to make.
2. It’s not just about fundraising – it applies to all processing of personal data
Although fundsraising regulations will be tighter after 25 May, the GDPR will have a much wider application. It will apply to all processing of personal data – so this includes how you collect and process data for your service users, volunteers, trustees, staff and supporters.
3. Consent is important, but there are other options too
If you need to refresh your consent forms because they didn’t offer an opt-in option, then it is better to do that in a structured way than to panic with a blanket email to everyone saying that if they don’t reply to you by the 25 May, they’ll never hear from you again.
Instead, take a look at who you need to gain consent from and when you may already be meeting/seeing them and how you could use this to ‘check people off’. If you see service users in person between now and the deadline, that is also good time to refresh your consent.
Also consider whether you actually need consent or whether you can rely on ‘legitimate interests’ as a lawful basis for contacting some people. If you think you can, then you should put together a statement on this.
ICO Guidance on GDPR
If you would like help with revising your Data Protection Policy, please contact firstname.lastname@example.org or telephone 01189 372273.