General Data Protection Regulations

The new General Data Protection Regulations (GDPR) came into effect on 25th May 2018. Your centre must now be compliant with these regulations. PCN is working closely with a Data Protection advisor to develop centre-specific template documents. These are available for download, free of charge to centres.  

Below are the documents we have prepared, tailored to the generic needs of the centres. (Others will be added as they become available, so please keep an eye on this page.) As you prepare your policies and practices for the GDPR changes, please feel free to use these documents as foundation materials which can be edited to make applicable to your centre. Please note that these are recommended as examples of good practice, but it remains the responsibility of your trustees to approve and enact the policies in your centre.

Below we also have an “FAQ” section for your reference. Please contact us if you have further questions or comments.

Comprehensive generic information about GDPR is available on the Information Commissioners Office website.

Template documents for centres to edit


Example policies from a local centre


Frequently Asked Questions

Many of the documents above will resolve the issues raised, but if you have any unanswered questions, please do get in touch and we will seek to add the answers in this section.

1. We are a small charity with a turnover of less than £5k per annum. Are we exempt from GDPR?

No, every organisation that captures and stores any form of data about people or organisations is subject to these regulations.

2. Does the ICO really give fines to charities?

Yes. The ICO has a list of ‘Actions Taken’, which includes fines against charities.

3. If we don’t store any electronic data, do we still need to have a Data Protection policy?

Yes, the method of storage you use is irrelevant. If you keep any record of clients, referrers, donors, supporters, etc, you will need to have the necessary policies and practices in place. Even if you only have paper records, you need to comply with GDPR.

4. We have built up our database over many years. Surely we don’t have to scrap it all and start again??

You will need to be able to demonstrate that everyone on your databse has given consent to be on it, that they understand why you are holding their data and for how long, and thay they have an easy way of coming off this list.