Free Guide to Data Protection and GDPR

Next year, the GDPR – the General Data Protection Regulation – will replace the Data Protection Act. In effect this will mean all organisations handling personal data (including charities) have to be a lot more transparent about whose data they have, and what they do with it. Although the law isn’t changing, the penalties for organisations (including charities) who break the law are getting much more severe.

There’s a lot of misinformation out there. 

Here’s a nice short article outlining the main concerns: https://www.civilsociety.co.uk/news/free-guide-to-gdpr-and-data-protection-for-charities-published-today.html

The longer, more detailed guide by Tim Turner is an excellent read. It’s blunt, to the point, and should be required reading for Trustees and Managers who handle sensitive personal information, especially in third sector organisations. Here’s the kind of pithy advice he offers:

“Ten essential things you need to know about data protection

  1. There is no significant charity exemption to data protection or marketing law. Maybe there should be. There isn’t.
  2. The ends never legalise the means.
  3. If a donor or other individual does not understand what you are doing with their personal data, the practical effect is that you can’t do it, whatever it is. The same is true for consent – if a person doesn’t understand what you’re doing, you can’t argue that they have consented to it.
  4. You don’t need consent for every use of personal data, but if you don’t have consent, you need to know what other justification you have that allows you to use the data. The other reasons are specifically set out in the Data Protection Act and the GDPR.
  5. You cannot assume consent. Failure to opt-out is not consent. Silence is not consent. Previous support is not consent. A donation I give you today is not consent for something tomorrow.
  6. Volunteers are no different to employees; they must be trained and equipped to protect data. There is no volunteer exemption. Using volunteers is a choice you have made, and you are responsible for ensuring that you manage the risks adequately.
  7. If you contract out any work to an agency or contractor, you are wholly responsible for what they do, unless they steal your personal data or otherwise use it for their own purposes.
  8. Personal data available in the public domain is still personal data and Data Protection still applies to it.
  9. There are specific rules for consent over the method of communicating fundraising and other direct marketing communications. Beyond that, you have to decide whether you need consent or whether some other condition applies.
  10. Never accept data protection advice from the Institute of Fundraising.”