GDPR (General Data Protection Regulation), in a nutshell, is an overhaul of how organisations, charities included, store and use personal data. The new regulations come into place on 28th May 2018 and will replace the current Data Protection Act, standardising data protection laws throughout Europe and giving enhanced protection and rights to individuals. The IoF (Institute of Fundraising) has made it clear that Brexit is no obstacle and the new regulations will ‘go live’ as planned.
What this means for charities, or any organisation collecting and storing personal data, is that they will need permission to hold that data and will need documented processes and procedures in place to show how the data will be used and protected. In addition, if a data subject requests any information held on them, you must be able to easily find and present this data (for more information on how charities can integrate their disparate systems to achieve this, take a look at our article).
This applies to the personal information of volunteers as well as supporters, even if you only intend to contact them to keep them informed about the charity’s activities or fundraising campaigns.
As GDPR comes into effect from 28th May 2018, charities need to be fully prepared before that date. There are a number of things to consider, such as your marketing strategy and whether to go for an ‘opt-in’ or ‘opt-out’ approach (that is, whether charities should only contact people who have given their consent, or whether they can contact people first and ask for consent).
Charities will also need to review databases and systems they use, and review and update policies to ensure all personal data is safe and properly managed. The IoF recommends a whole organisation approach with all the Trustees involved and cautions against making hasty decisions – it has to be the right decision for the organisation.
Charities are advised not to panic, but to know the facts and be prepared.
MAST ICT is actively supporting a number of organisations in preparation for GDPR – if you would like to review your systems to ensure you are GDPR compliant, please get in touch and we can help to guide you through.