General Data Protection Regulation – what you need to know
The General Data Protection Regulation (GDPR) changes elements of the law surrounding how organisations manage data. Whether you hold a mailing list of only 50 people or 5,000, you will need to make sure that you are adhering to these new guidelines. The changes will come into effect in May 2018.
Below is a roundup of current support available to museums, from other sector support organisations:
The webinar was designed to help you work out how the changes would impact your organisation. We were very fortunate to have Richard Sisson, Senior Policy Officer, Policy and Engagement (Private and Third Sector) at the Information Commissioner’s Office, and Naomi Korn, data expert and consultant, running this webinar with us, and they were able to answer some of the questions we received.
The new AIM publication has not been created as a guide to everything in the Data Protection Act (DPA) – or the impending General Data Protection Regulation (GDPR) – but focuses instead on the most important areas for action now. The GDPR applies to the whole UK, so this guide is suitable for all AIM members and other heritage sector organisations across the UK.
The AIM Success Guide is for trustees, senior staff, and members of staff and volunteers involved in fundraising or marketing. The guide outlines the main data protection issues to help museums and cultural organisations carry out an audit of their current position and draw up an action plan, and a useful action checklist is included.
You can download the guide for free at: Successfully Managing Privacy And Data Regulations In Small Museums.
Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors. The legislation:
Every organisation should have a written policy and procedure that is specific to their context about how they handle personal data and enact privacy principles.
Requirements for these policies and procedures will change when GDPR takes effect. Read our guidance for charities on how to prepare for GDPR.
It can be hard to write a policy from scratch. There are a number of suppliers of sample policies. These are intended as guidance only and should be developed alongside the guidance from the Information Commissioner’s Office to ensure they are specific to your circumstances.
Watch our GDPR webinar
We ran a webinar with Protecture (one of our Trusted Suppliers) on 18 October 2017; you can watch the recording.
Consultant Naomi Korn has written a very useful set of data protection FAQs.