The law on data protection will change on 25 May 2018 when the General Data Protection Regulation comes into force.
All organisations (including charities, social enterprises and schools) will need to take a number of steps to ensure compliance ahead of the May 2018 deadline. As a first step, you should identify the types of personal data held by your organisation and the sorts of data processing carried out on behalf of, for example, customers, employees, contacts and other members of the public. From this starting point, your organisation should consider whether such processing is lawful and otherwise carried out in accordance with the requirements of the regulation.
GDPR strategic planning
Failure to comply with the GDPR could lead to significant financial penalties being imposed on your organisation so it is critical that you review all data protection arrangements at a strategic level.
GDPR advice to charities, social enterprises and schools
At Wrigleys we can help your organisation with the following:
- to understand your obligations under the GDPR including training.
- to design and implement data mapping exercises to identify personal data held by your organisation and third parties and the processing carried out on your behalf.
- to prepare the documents required to demonstrate compliance with the new legislation, including:
- privacy notices
- data protection policies
- data protection agreements with third parties.
- untangle the knotty issue of consent including when consent to the processing of personal data is required and how it should be obtained.
Contact Wrigleys to discuss how we are helping charities, social enterprises and schools to prepare for GDPR.
Article: "What will the EU’s new data protection regime mean for UK charities?" Peter Parker considers how charities can comply with changes to data protection law (Published by Civil Society in March 2017)
Data Mapping Questionnaire: Undertaking a data mapping exercise is one of the first exerises an organisation should undertake in preparing to become GDPR ready. We have produced a questionnaire to help charities and social enterprises to identify the personal data held by them and the types of processing activities carried out in relation to that data.