• Getting Ready for GDPR

    • by Emma Sims
      Support and Engagement Executive


    Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25th May 2018.

    Why does it matter?

    Data protection legislation places a duty on organisations to be fair, transparent and accountable, and to ensure all data they handle or store is up to date. It covers everyone about whom you keep personal data. Personal data in this regard refers to any information which could identify or relate to an individual. This might include information you hold on your employees, volunteers, members, supporters and other contacts.

    The legislation:

    • Requires organisations to register with the Information Commissioner’s Office, unless you are exempt.
    • Governs the processing of personal data including ‘personal sensitive data’.
    • Requires organisations to comply with eight data protection principles.
    • Allows employees, service users and other contacts to request to see the personal data held on them.

    Every organisation should have a written policy and procedure, specific to its context, on how it handles personal data and enacts privacy principles.

    How can you prepare?

    It’s important you make sure your organisation is, in the first instance, fully compliant with the Data Protection Act 1998, and then work towards compliance with the General Data Protection Regulation, which will replace the Act on 25th May 2018.

    There are financial and reputational risks associated with failure to comply with GDPR, so it’s important to make sure your organisation, in particular your Directors or Trustees, is aware of the changes in the law and supports you in your work towards compliance.

    There are lots of helpful resources and guides to help you prepare for GDPR, available to organisations from the Information Commissioner’s Office website and, specifically for charities, from NCVO. So instead of us attempting to become experts on Data Protection, here are our top 10 articles and resources from the experts for our members:

    1. A Guide to Data Protection, Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-data-protection/
    2. A Guide to GDPR, Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
    3. An overview of Data Protection for charities including a recorded webinar, NCVO: https://www.ncvo.org.uk/practical-support/information/data-protection
    4. Data Protection Self-Assessment Toolkit, Information Commissioner’s Office: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/
    5. GDPR Frequently Asked Questions, Information Commissioner’s Office: https://ico.org.uk/for-organisations/business/guide-to-the-general-data-protection-regulation-gdpr-faqs/
    6. Find out if you are exempt from registering with the ICO, Information Commissioner’s Office: https://ico.org.uk/for-organisations/register/self-assessment/
    7. Preparing for GDPR - 12 Steps to Take Now, Information Commissioner’s Office: https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
    8. 12-point plan to preparing for GDPR for charities, NCVO: https://knowhownonprofit.org/how-to/how-to-prepare-for-gdpr-and-data-protection-reform
    9. Guidance on writing a Data Protection Policy (for charities), NCVO [only available to NCVO members]: https://knowhownonprofit.org/tools-resources/hr-policies/data-protection AND/OR GDPR Compliant Policy, Bates Wells Braithwaite: https://getlegal.bwbllp.com/products/gdpr-friendly-data-protection-policy
    10. Telephone Advice Service for small organisations, Information Commissioner’s Office: https://ico.org.uk/global/contact-us/advice-service-for-small-organisations/

    We are busy at CTA ensuring that our organisation is also compliant with GDPR by May, and we are specifically consulting the Information Commissioner’s Office for further advice on organisations delivering MiDAS training through CTA. We will be in touch with these organisations in the New Year.

    If you have any questions on the General Data Protection Regulation or Data Protection more generally, please take advantage of the Information Commissioner’s Office’s Advice Service Helpline by phoning 0303 123 1113 and selecting option to be diverted to staff who can offer support on Data Protection.

    For information on accessible versions of the helpline, or to access the service in Welsh, please see here: https://ico.org.uk/global/contact-us/helpline/.




    1 Comment

    • Mia Evans - Data

      11:56 24th October 2022

      I totally agree when you said that the company has to be fully compliant with the Data Protection Act 1998 and comply with the regulations as well in 2018. I can imagine how this will definitely give a company peace of mind that they will be able to protect their clients’ details and information. While the clients will refer them to others if they have them trustworthy and has a great service. https://www.the-training-centre.com/w/uk/courses/22-certified-data-protection-officer-cdpo
