General Data Protection Regulations

The new General Data Protection Regulations (GDPR) come into effect on 25th May 2018. At this point, your centre must be compliant with these regulations. PCN is working closely with a Data Protection advisor to develop centre-specific template documents. These are available for download, free of charge to centres.  

Below are the documents we have prepared, tailored to the generic needs of the centres. (Others will be added as they become available, so please keep an eye on this page.) As you prepare your policies and practices for the GDPR changes, please feel free to use these documents as foundation materials which can be edited to make applicable to your centre. Please note that these are recommended as examples of good practice, but it remains the responsibility of your trustees to approve and enact the policies in your centre.

Below we also have an “FAQ” section for your reference. Please contact us if you have further questions or comments.

Comprehensive generic information about GDPR is available on the Information Commissioners Office website.

Template documents for centres to edit

Title Download
Preparing for the General Data Protection Regulations
  1 files      18 downloads
Download
Privacy Notice
  1 files      13 downloads
Download
Quick Guide to the Marketing Rules
  1 files      9 downloads
Download

Example policies from a local centre

Title Download
Data Protection Policy (April 2017)
  1 files      40 downloads
Download
ICT Security Policy (April 2017)
  1 files      16 downloads
Download
Privacy Policy Online (April 2017)
  1 files      18 downloads
Download

Frequently Asked Questions

Many of the documents above will resolve the issues raised, but if you have any unanswered questions, please do get in touch and we will seek to add the answers in this section.

1. We are a small charity with a turnover of less than £5k per annum. Are we exempt from GDPR?
2. Does the ICO really give fines to charities?
3. If we don’t store any electronic data, do we still need to have a Data Protection policy?
4. We have built up our database over many years. Surely we don’t have to scrap it all and start again??