From May 2018 charities across the UK will come under the net of new data protection rules which, if ignored, could lead to significant fines and sanctions.
Despite the fact that in less than six months all UK businesses – including charities and not-for-profit organisations – will need to be compliant with the new rules, many in the third sector are not fully prepared for the changes ahead.
Any charity that holds data, whether it is for previous, existing or future donors or suppliers, will need to comply with this new legislation or face the prospect of significant fines.
The question of how fundraisers will be allowed to contact donors and supporters has, not surprisingly, been the main focus so far, but GDPR will affect virtually every aspect of data handling including how you ask for consent, opportunities for opting in and out of contact, as well as giving an individual the right to access the personal data you hold on them.
GDPR also introduces a ‘right to be forgotten’, where people can request that you remove personal data from your systems. This means that now, more than ever, there is a requirement to ensure your data is kept up to date, accurate and held no longer than necessary.
Last but certainly not least, there is a requirement to ensure that any data breaches are acted on and also reported without delay.
The amount that the Information Commissioner’s Office (ICO) can fine organisations for breaches of data protection will increase significantly from May 2018, so charities should make sure the right procedures are in place to detect, report and investigate any breaches.
For help and advice to ensure that your charity is prepared for the new GDPR rules, please contact Milsted Langdon’s charities team.