General Data Protection Regulation
EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years…
As a trustee you have a responsibility to ensure that your charity complies with current legislation. Any personal data that you hold will be subject to GDPR and you will need to review your data to ensure that it adheres to the legislation.
What is GDPR?
The Government are introducing new legislation that affects the collection of personal data. This means that data protection law is changing on 25 May 2018 and your charity will need to be ready for this. The General Data Protection Regulation, also known as GDPR, applies to all organisations that collect people’s personal data for business reasons. For example, as a charity this will affect your membership and donation information. All organisations must ensure that they are compliant with this legislation or they can face financial penalties for data breaches in line with the Information Commissioner’s Office guidance.
- Applies to all organisations processing the personal data of EU citizens, regardless of the organisation's size or location.
- Data Controllers and Data Processors are equally liable.
- Right of Access (individuals)
- Right to be forgotten (individuals)
- Data Privacy by Design
- Data Portability
- Consent (individuals)
- Breach Notification (individuals)
- Penalties: fines up to 4% of the annual turnover or 20 Million (whichever is greater)
In the past, you may have taken mental cover from the requirements of the DPA, by saying to yourself that we are too small an organisation for the authorities to be worried about, or perhaps that we don’t really process any data, we just have an address book, an attendees list, a prayer list.
Under GDPR, this is not a sustainable response and, in any case, churches and other organisations may well have been breaching the current legislation.
The ICO has already signalled that it intends to enforce the law, having already fined a number of charities, some relatively small, for improper use of data.
Elizabeth Denham, the then Commissioner, has been quoted as saying: "These fines draw a line under what has been a complex investigation into the way some charities have handled personal information. While we will continue to educate and support charities, we have been clear that what we now want, and expect, is for charities to follow the law." The regulation demands this, even of small churches.
At GoodtoGive we place great importance on data protection and have robust systems in place for the services/solutions which we offer. In addition we have planned for GDPR and have put in place a service to support our clients through mapping their data, implementing any improvements required and ensuring that they will meet GDPR standards.
Managing GDPR compliance is an ongoing process that requires a structured approach to the stringent requirements of the standard. We continually monitor those requirements and any changes to them, measuring compliance using our simple GoodtoGive GDPR methodology. We support clients through the GDPR process as follows:
- We will carry out a review of your existing data policies, procedures and systems to evaluate your compliance with current legislation.
- Audits are scheduled half yearly or annually.
- We will provide a report highlighting areas of improvement following our evaluation.
- Using our data protection expertise, we help you identify best practices for implementing GDPR.
- We will support you through the implementation of the improvement action plan.
- We will also provide guidance during and after the implementation of GDPR.
- We constantly review the GDPR requirements as laid out by the ICO, and any changes are fed back into the audit process.