In May 2018, the EU General Data Protection Regulation came into force.

Under these regulations, companies must keep a thorough record of how and when an individual gives consent to store and use their personal data and this must be through ‘active consent’ ie. not just a pre-ticked box. Individuals must also be able to withdraw their consent at any time and for all their personal data to be removed as a result.

GDPR Factsheet for CoS Groups

From 1 Jan 2021, (EU) GDPR is replaced by the UK GDPR but the regulations are the same.

We recommend that you also consult your local CVS or Volunteer Centre about the implications of the GDPR for your group.

Links

The ICO (Information Commissioner’s Office) have a guide to GDPR , a tool to help you determine if your use of data is lawful and other resources

Information from the ICO to help you determine if you need to report a breach and how to do so

The Institute of Fundraising has a series of ‘spotlights’ on different aspects of fundraising and how the GDPR applies.

Information from Give As You Live about the GDPR, including an infopack

‘The General Data Protection Regulation: What it is, what we’re doing and what you can do’ from MailChimp (this is a dense document but useful if your group uses MailChimp for your mailing list)

‘Child protection records retention and storage’ guidance from the NSPCC

Links

National Cyber Security Centre advice and guidance

Event expenses policy (2021)