This factsheet can be downloaded as a PDF here
Please use our language translator in the top right hand side of our website to translate this page into different languages.
What is GDPR and the Data Protection Act?
Data protection legislation isn’t a new thing. The new legislation builds on rules we have had in place for a number of years but refreshes to reflect new technologies and ways we use data and information.
- The General Data Protection Regulations (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area
- The Data Protection Act 2018 controls how your personal information is used by organisations and is the UK’s implementation of the General Data Protection Regulation (GDPR)
The two pieces of legislation essentially work together to cover how we should treat personal data and this will continue post Brexit.
What information does the Data Protection Act and GDPR apply to?
The Data Protection Act and GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. You can find more detail in the key definitions section of the ICO (Information Commissioners Office) Guide to the GDPR.
Isn't this just for business and large organisations?
Data Protection is important to organisations, charities and groups of all shapes and sizes as most of us handle personal data. For example, if you have a membership, send a newsletter to your users, fundraise or have to provide data to a funder or commissioners then these are all examples of work that requires good information governance and are affected by data protection regulations.
But isn't this just all about IT and Computers?
Cyber security does play a part in data protection and ensuring compliance with legislation. But it's more about how we use IT and computer systems than what computer programme you have in place.
Cyber Essentials is a government back schemed and working through their free checklist will help your organisation have the basic controls in place to protect your organisations and its data - click here for more information. Also the National Cyber Security Centre has produced a free guide aimed at small charities that can be downloaded here.
What should our group or organisation do?
Ensuring your group or organisation stays compliant will take a whole organisational approach. It is important to make sure your whole team, including volunteers, are aware of the new regulations. Putting together an action plan will help your organisation check and maintain its compliance.
To support organisations 10GM (working alongside GMCA) have created an Information Governance Toolkit to support organisations. Based on the ICO guidance on getting reading for GDPR it asks the most common questions organisations need to consider and signposts you to more information. You can download a copy here.
Where can I get more help and support?
You can contact Macc where our Capacity Building Team can offer help, support and guidance.
Alternatively you can contract the Information Commissioners Office directly with your queries. The ICO have launched a dedicated advice line aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support.
Updated: October 2019