Please see the following sections for information specific to:
Here is our Data Protection Policy (amended Feb 2021) including our Privacy Notice
The Resource Centre and NCVO have lots of template policies and guidance. We also recommend that you contact your local CVS or Volunteer Centre for advice about policies and procedures for your group.
Disclaimer: The information provided in this section and any policies provided here are intended for guidance only. They are not a substitute for professional advice and we cannot accept any responsibility for loss occasioned as a result of any person acting or refraining from acting upon it.
In May 2018, the EU General Data Protection Regulation came into force.
Under these regulations, companies must keep a thorough record of how and when an individual gives consent to store and use their personal data and this must be through ‘active consent’ ie. not just a pre-ticked box. Individuals must also be able to withdraw their consent at any time and for all their personal data to be removed as a result.
From 1 Jan 2021, (EU) GDPR is replaced by the UK GDPR but the regulations are the same.
We recommend that you also consult your local CVS or Volunteer Centre about the implications of the GDPR for your group.
Information from the ICO to help you determine if you need to report a breach and how to do so
The Institute of Fundraising has a series of ‘spotlights’ on different aspects of fundraising and how the GDPR applies.
Information from Give As You Live about the GDPR, including an infopack
‘The General Data Protection Regulation: What it is, what we’re doing and what you can do’ from MailChimp (this is a dense document but useful if your group uses MailChimp for your mailing list)
‘Child protection records retention and storage’ guidance from the NSPCC
Event expenses policy (2021)