15 January 2018 #Data Protection
With the General Data Protection Regulation (GDPR) deadline growing closer, the Information Commissioner’s Office (ICO) has published 12 ‘frequently asked questions’ about the regulations.
ICO suggests small and micro organisations, including charities, use resources provided by the ICO to assist their compliance efforts. Resources include:
ICO indicates that while there are no current plans to produce tailored advice for specific sectors, they are supporting sector-led ideas. Responding to a question requesting guidance specific to the charitable sector, ICO states:
“Our guidance focuses on the general application of the GDPR. But we are engaging with representatives from the charity sector to assist them in producing their own sector-specific advice and guidance”.
Those concerned about the survival of their charity post GDPR - due to the lack of agreement allowing processing of special category personal data (e.g. race, ethnic origin, political or religious views, biometrics and sexual life or orientation, and other personal data which would require special safeguarding measures)- may gain some relief from the publication as the ICO suggests:
“The conditions for processing special category data under the GDPR in the UK are likely to be similar to the Schedule 3 conditions under the 1998 Act for the processing of sensitive personal data”.
The publication also aims to clear up misconceptions about consent when it comes to marketing. While charities will not necessarily need consent for postal marketing to donors (key thing here being the fact that these individuals have already consented their personal data being collected and used to some extent), consent would still be required for some calls, and for texts and emails, especially to new recipients.
The FAQs give some useful advice on how to start preparing your business for the GDPR, particularly for small/micro organisations. Do get in touch with us if you need any help with making changes.