GDPR

The GDPR (General Data Protection Regulation) is the new legal framework for data protection in the EU. It comes into force on 25th May 2018. It is similar to the existing Data Protection Act but adds some new and different requirements. The authoritative source in the UK is the Information Commissioner's Office (ICO – https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/).

 

If you are not doing so already, you will need to think about whether you need to update any of your practices to ensure that you will meet the requirements. As one example, do you seek consent from data subjects (your clients), and will it meet the standard – freely given, specific, informed and unambiguous? If not, do you have a lawful basis for processing their data?

 

Lamplight is making a number of changes in the coming months to help you meet the GDPR requirements. In particular we:

– are training key staff

– are working towards Cyber Essentials certification

– will then seek ISO27001:2013 certification

– are the implementation workbook and producing some advice about your use of Lamplight

 

Within the system, we are extending the existing, built-in consents (“allow post” etc) to provide a more fine-grained and flexible mechanism to record consent. We are also looking at how Lamplight can help you to provide data subjects with access to their data securely and support their rights to rectification and data portability.

 

Finally, we’ll ensure that there are support materials to help you use the functionality that’s already there in Lamplight that enables you to fulfil your responsibilities.

 

For you, the GDPR will extend beyond your use of Lamplight, and we’d strongly recommend that your Trustees start to consider it soon.

 

Further resources:

– the ICO https://ico.org.uk/for-organisations/ and their charity-specific pages: https://ico.org.uk/for-organisations/charity/

– NCVO KnowHow NonProfit gives a good overview and links to resources (e.g. sample policies): https://knowhownonprofit.org/organisation/operations/dataprotection NCVO also offer training.

– For a fundraising take, the Institute of Fundraising: http://www.institute-of-fundraising.org.uk/guidance/research/gdpressentials/

– Your local CVS (if you’re still lucky enough to have one!) or Local Authority may be able to help too.