Over the last year, we've been running numerous GDPR information sessions for partner CVSs in south London.
Here are our top 5 tips for any organisation getting ready for the new General Data Protection Regulation, enforceable from May 25th 2018:
- Audit the personal data you hold: what, where, why and for how long? Do you share it with anyone? Here's a basic template to help you get started.
- Decide on your legal basis for processing data. Consent is just one of 6 conditions; you only need to comply with one. Find out more on the ICO website.
- Review your Privacy statement/s and update where necessary. There is a helpful "Privacy notice - code of practice" publication from the ICO.
- Check any 'cloud' services you use: are they GDPR compliant? Make a list and document this due diligence: look at their Privacy policies, IT security information and where data is stored. If in the US, are they signed up to the EU-US Privacy Shield?
- Are you following IT security best practice? Robust passwords, encryption, policies: take a look at this handy Cyber Security for Small Charities Infographic.
The Information Commissioner's Office (ICO) has additional useful guidance and checklists, and also a Helpline for small organisations. We have bookmarked specific ICO resources along with other GDPR information and guidance from a wide range of sources; see our eLink.io listing. We'd recommend you also read Paul Ticher's helpful update.