GDPR: what you need to know


Many people and organisations in the charity sector and elsewhere are hearing this acronym – GDPR. But what is it and what do you need to do about it?

What is it?

GDPR stands for ‘General Data Protection Regulation’, and it is a new piece of legislation that comes into force in May 2018.  While it builds on existing Data Protection legislation, it represents a significant change for organisations that hold and process personal data.

Will it affect me?

If your organisation holds personal data, whether in the form of contact information or any other sort of personal data (for example, information about ethnicity, religious belief, or bank account or credit card information), elements of the new regulations will apply to you.

What can I do to prepare?

There are a number of good resources online, some specifically aimed at the charitable sector, some more general, which should equip you to at least assess what you need to do as an organisation to ensure that you are compliant with the new regulations.  There is no ‘one size fits all’ approach, as what will be required of you will vary significantly depending on the sort of organisation you are, and what you do with the data that you collect and hold.


  • The Information Commissioner provides some good resources in the form of a self-assessment toolkit to assist with the various elements that may or may not be directly relevant to you. On 1st November they launched a hotline to support organisations employing fewer than employees with GDPR queries. This can be reached on 0303 123 1113.
  • NCVO’s Knowhow Non Profit site has also produced a 12-point plan, adapted from the ICO guidance.
  • The company ‘IT Governance’ has produced a ‘Compliance Guide’ which can be freely downloaded from their website.
  • Charity Digital News, working with Access, has also produced a free 5-step plan, with a particular focus on how your CRM system needs to support your GDPR compliance (NB Access is a commercial concern which provides CRM software).
  • If your organisation raises funds directly from individuals, there are changes there too which you need to be prepared for. Tim Turner, a former policy manager at the ICO, has produced a ‘survival guide’ which is freely downloadable from the ‘Civil Society’ website, and the Institute of Fundraising has also produced a free guide for such organisations.

Media articles

There have been numerous articles in the media over recent weeks and months, a few of which actually set out some of the challenges and considerations in a helpful and accessible way, and which may be useful for informing trustees and staff of the changes that are coming, without overloading them with unnecessary detail.

Third Sector - GDPR: Should you be afraid?

BBC - Could new data laws end up bankrupting your company?

The Guardian - GDPR: how charities should prepare for data protection changes