18th October 2017
There’s a lot of chatter across all sectors about the forthcoming change to data protection – the General Data Protection Regulation (GDPR) – which comes into force next May.
Whilst professional services advisers are helping their clients to be clear about their responsibilities, it’s easy to get distracted by scary headlines and outlandish claims. Of course, charities may have to change the way they do things, but as long as you keep in mind that the new regulations are about protecting rights and encouraging transparency, rather than about imposing unwanted burdens and huge fines, you should be able to plan for and manage the changes effectively.
A recent blog from the UK Information Commissioner, Elizabeth Denham, states pretty clearly that fines are the last option, not the first. What the Office wants to ensure is that organisations collect and use data responsibly and are transparent about how and why they do it.
“Issuing fines has always been and will continue to be, a last resort. Last year (2016/17) we concluded 17,300 cases. I can tell you that 16 of them resulted in fines for the organisations concerned,” she writes.
Under GDPR, there will be six legal ways in which you can process information. These different pathways exist because organisations need and want to collect and process data for different reasons. The legal ways are:
There are also conditions for special categories of data, which can be found at the Information Commissioner’s Office website – www.ico.org.uk.
For most charities, the first lawful basis is the most likely to be relevant. You must ensure that consent is informed and actively given, rather than assumed, and that the consent is separate from any other terms and conditions. Someone who consents to your holding their data should be able to remove that consent easily.
For many charities, GDPR represents an opportunity to ensure you are being transparent and putting your supporters, fundraisers and other stakeholders first. It shouldn’t require a lot of additional expense or worry, but do contact your solicitor if you need to know more.