Those terrifying letters...GDPR

Dare I say those terrifying letters? Dare I? If I do will you stick your head in the sand, or run away, never to read the rest of this blog?
What am I talking about? GDPR of course.
STOP! Don't run! It really isn't as scary as you might have heard. I've attended several events and information sessions, and as a member of the steering group I thought it could be helpful to share what I've learned...

GDPR is really about three things-
  • Transparency
  • Control
  • Accountability

And if you are a small charity who doesn't process the health data of lots of people, doesn't stress if you haven't got everything finalised by 25th May. You won't go to prison, or be landed with thousands of pounds worth of fines.

If you are a big charity or organisation, processing hundreds and thousands of peoples health data, and you haven't even started thinking about GDPR on 25th May- well then you might need to be a bit concerned!

It's all about proportionality. Steve Wood, the Deputy Commissioner of the ICO told me that- so I'm inclined to believe him!

So, is this going to cost your charity a fortune? Do you need an expensive monthly service to assist you? Do you need a new paid Data Controller or Processor?
No, you don't. All the information you need is available out there, mostly free of charge. Your data controller /processor can be, in most cases, an existing member of your staff.

The ICO is taking a common sense approach- those are their words, not mine. You need to be seen to have an impact assessment relating to data collection- what/ why/ how/ impact. That's not so hard.

You need to make sure that you have express (rather than implied) consent. That means asking your customers/ people on your database. Again not so hard.
and they have a helpline where they are really happy to talk you through any questions you may have: 0303 123 1113 (Option 4).
So no running, no heads in the sand. No huge bills. Make sure your trustees know this too. It's not that hard
Take the advice out there, ask MVA, or use the support available through the VCS Leader's Network so ask questions, share resources and
give feedback (good or bad) on the support that's out there.

Author: Dalia Halpern-Matthews
CEO Nucleus Arts and Chair of Medway's VCS Leaders Network