GDPR - what do charities need to consider?

Wilson Browne

1st June 2018


IT'S unlikely to have escaped anyone with an email account, that there have been big changes in the field of data protection in the form of GDPR.

A lot of businesses have spent a great deal of time and money preparing for the change. But what about small charities (with small budgets) which, by their nature, don't have the vast organisation or resources to have someone dedicated to compliance of this sort?

Fortunately, when you look at the detail of the GDPR, a charity doesn't have to rely just on consent but it must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. So, the good news is that charities do not necessarily need to send out the email opt ins we have all been receiving from retailers and other vendors, but they do need to think about what specific data they hold and why.

Many small charities are run by volunteer trustees who use their personal laptops to store data. Charities should consider how secure that storage is, whether the charity should insist on a minimum level of security and decide on secure processes for destroying hard copies of documents.

Another area for consideration is how long charities need to retain data - should a charity be keeping data from decades ago or should there be a cut off point for the destruction of the charity's records? There are going to be different answers depending on the particular circumstances of each charity but charity trustees should consider these issues.

The Charity Finance Group has put together a detailed look at the GDPR considerations for charities, on their website

For help and advice on running your charity, call Wilson Browne today on 0800 088 6004

Wilson Browne