Over the last year, we've been running numerous GDPR information sessions for partner CVSs in south London.
Here are our top 5 tips for any organisation getting ready for the new General Data Protection Regulation, enforceable from May 25th 2018:
- Audit the personal data you hold - the what, where, why, how long? Do you share it with anyone? Here's a basic template to help you get started.
- Decide on your legal basis for processing data. Consent is just one of 6 conditions - you only need to comply with one. Find out more on the ICO website.
- Review your Privacy statement/s and update where necessary. There is a helpful Privacy notice - code of practice publication from the ICO.
- Check any 'cloud' services you use - are they GDPR compliant? Make a list and document this due diligence - look at their Privacy policies, IT security information and where data is stored. If in the US - are they signed up to the EU-US Privacy Shield?
- Are you following IT security best practice? Robust passwords, encryption, policies - take a look at this handy Cyber Security for Small Charities Infographic.
The Information Commissioner's Office (ICO) has additional useful guidance and checklists, and also a Helpline for small organisations. We have bookmarked specific ICO resources along with other GDPR information and guidance from a wide range of sources - see our eLink.io listing. We'd recommend you also read Paul Ticher's helpful update.