General Data Protection Regulations

The new General Data Protection Regulations (GDPR) come into effect on 25th May 2018. At this point, your centre must be compliant with these regulations. PCN is working closely with a Data Protection advisor to develop centre-specific template documents. These are available for download, free of charge to centres.  

Below are the documents we have prepared, tailored to the generic needs of the centres. (Others will be added as they become available, so please keep an eye on this page.) As you prepare your policies and practices for the GDPR changes, please feel free to use these documents as foundation materials, which can be edited to make them applicable to your centre. Please note that these are recommended as examples of good practice, but it remains the responsibility of your trustees to approve and enact the policies in your centre.

Below we also have an “FAQ” section for your reference. Please contact us if you have further questions or comments.

Comprehensive generic information about GDPR is available on the Information Commissioner's Office website.

Template documents for centres to edit

Preparing for the General Data Protection Regulations
Privacy Notice
Quick Guide to the Marketing Rules

Example policies from a local centre

Data Protection Policy (February 2018)
ICT Security Policy (April 2017)
Privacy Policy Online (April 2017)

Frequently Asked Questions

Many of the documents above will resolve the issues raised, but if you have any unanswered questions, please do get in touch and we will seek to add the answers in this section.

1. We are a small charity with a turnover of less than £5k per annum. Are we exempt from GDPR?

No, every organisation that captures and stores any form of data about people or organisations is subject to these regulations.

2. Does the ICO really give fines to charities?

Yes. The ICO has a list of ‘Actions Taken’, which includes fines against charities.

3. If we don’t store any electronic data, do we still need to have a Data Protection policy?

Yes, the method of storage you use is irrelevant. If you keep any record of clients, referrers, donors, supporters, etc., you will need to have the necessary policies and practices in place. Even if you only have paper records, you need to comply with GDPR.

4. We have built up our database over many years. Surely we don’t have to scrap it all and start again?

You will need to be able to demonstrate that everyone on your database has given consent to be on it, that they understand why you are holding their data and for how long, and that they have an easy way of coming off this list.