Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25th May 2018.
Why does it matter?
Data protection legislation places a duty on organisations to be fair, transparent and accountable, and ensure all data they handle or store is up-to-date. It covers everyone about whom you keep personal data. Personal data in this regards refers to any information which could identify or relates to an individual. This might include information you hold on your employees, volunteers, members, supporters and other contacts.
Requires organisations to register with the Information Commissioner’s Office, unless you are exempt.
Governs the processing of personal data including ‘personal sensitive data’.
Allows employees, service users and other contacts to request to see the personal data held on them.
Every organisation should have written policy and procedure that is specific to their context about how they handle personal data and enact privacy principles.
How can you prepare?
It’s important you make sure your organisation is, in the first instance, fully compliant with the Data Protection Act 1998, and then work towards compliance with the General Data Protection Regulations which will replace the Act on 25th May 2018.
There are financial and reputational risks associated with failure to comply with GDPR, so it’s important to make sure your organisation, in particular your Directors or Trustees, are aware of the changes in the law and support you in your work to compliance.
There are lots of helpful resources and guides available to organisations from the Information Commissioner’s Office website as well as specifically for charities on NCVO in order to help you prepare for GDPR. So instead of us attempting to become experts on Data Protection, here are our top 10 articles and resources from the experts for our members:
We are busy at CTA ensuring that our organisation is also compliant with GDPR by May and we are specifically consulting the Information Commissioner’s Office for further advice on organisations delivering MiDAS training through CTA. We will be in touch with these organisations in the New Year.
If you have any questions on the General Data Protection Regulations or Data Protection more generally, please take advantage of the Information Commissioner’s Office’s Advice Service Helpline by phoning 0303 123 1113 and selecting option 4 to be diverted to staff who can offer support on Data Protection.
Community Transport Association UK is a charitable company limited by guarantee. Registered in Cardiff no. 1985361 Registered office: 12 Hilton Street M1 1JF. Registered as a charity in England and Wales no. 1002222. Charity Registered in Scotland No. SC038518.