General Data Protection Regulation - How, When and Why

Part of my role at MVSC is to manage the database. It’s important I make sure that our database is up to date and growing. But at the same time we need to make sure we’re looking after the data that we collect, make sure this data is safe and that we comply with legislation.

The data protection rules are changing as of May 2018 so I went along to a workshop organised by Morrison’s Solicitors. It focused on how you collect data, how you use it and how it applies to everyone from volunteers to corporate companies.

Ever wondered how people get you mobile number or email address without signing up? Well, as of May 2018 this will stop as the law changes. If you collect someone’s data you must tell them what they are signing up to and how you will use their data AND you must always have an opt out option.

Here are some things that charities and voluntary organisations need to think about:

  • Changes in the definition of consent
  • Using legitimate interests as a basis for processing
  • Transparency: what you have to tell people about your processing
  • Data subject rights
  • Processing data on children
  • Your recordkeeping
  • Data Protection by design and by default
  • Your relations with other organisations
  • Changes in your relationship with a Data Processor
  • Security
  • Breach notification
  • Data Protection Impact Assessments
  • Will you need a Data Protection Officer?
  • Transfers abroad
  • Fines and enforcement

We want to make sure that we are supporting local organisations to look after their data, keep that data safe and comply with legislation. Hopefully this blog gets you thinking about what you need to do. You can also check out this handy guide too.