One of the hottest topics for anyone responsible for digital at a charity in 2017 is getting to grips with the forthcoming GDPR. GDPR (General Data Protection Regulation) is a new regulation being introduced by the EU to strengthen and unify data protection for individuals within the European Union. It will come into force on 25th May 2018, and UK charities will be bound by it regardless of whether the UK is still in the EU at that point or not.

GDPR will impose new obligations on charities around reporting personal data breaches and will also make it a requirement for them to have a Data Protection Officer (DPO). Organisations that are not compliant could ultimately face fines of up to 20m EUR.

One of the key impacts for charities will be around when and how they gain consent from supporters and other stakeholders for using their personal data. A person’s consent will have to be gained via affirmative action, and there will be stringent requirements for it to be freely given, informed and specific. Individuals will have new rights that will have to be adhered to, including a ‘right to be forgotten’ and a ‘right to object’ to their details being used, transferred or held. This will also affect how charities must interact with third parties, which will be important in order to manage requests made of you by individuals whose data you hold.

There are various other areas that will be addressed by GDPR, including validating who your data processors are and your contracts with them, providing technology updates to ensure data is tagged effectively, security enhancement, and governance to deal with breaches.

For more details on how GDPR will impact charities and some tips on what you can do to prepare, you can download our White Paper.