Over the last year, we've been running numerous GDPR information sessions for partner CVSs in south London.  

Here are our top 5 tips for any organisation getting ready for the new General Data Protection Regulation, enforceable from May 25th 2018:

  1. Audit the personal data you hold - the what, where, why, how long?  Do you share it with anyone?  Here's a basic template to help you get started.
  2. Decide on your legal basis for processing data.  Consent is just one of 6 conditions - you only need to meet one.  Find out more on the ICO website.
  3. Review your privacy statement(s) and update where necessary.  There is a helpful "Privacy notice - code of practice" publication from the ICO.
  4. Check any 'cloud' services you use - are they GDPR compliant?  Make a list and document this due diligence - look at their privacy policies, IT security information and where data is stored.  If the data is stored in the US, are they signed up to the EU-US Privacy Shield?
  5. Are you following IT security best practice?  Robust passwords, encryption, policies - take a look at this handy Cyber Security for Small Charities Infographic.

The Information Commissioner's Office (ICO) has additional useful guidance and checklists, and also a Helpline for small organisations.  We have bookmarked specific ICO resources along with other GDPR information and guidance from a wide range of sources - see our eLink.io listing.  We'd recommend you also read Paul Ticher's helpful update.