General Data Protection Regulation – what you need to know

February 14, 2018
The General Data Protection Regulation (GDPR) changes elements of the law surrounding how organisations manage data. Whether you hold a mailing list of only 50 people or 5,000, you will need to make sure that you are adhering to these new guidelines. The changes will come into effect in May 2018.

Below is a roundup of current support available to museums, from other sector support organisations:


Museums and Heritage Advisor – Free Webinar

The webinar was designed to help you work out how the changes would impact your organisation. We were very fortunate to have Richard Sisson, Senior Policy Officer, Policy and Engagement (Private and Third Sector) at the Information Commissioner’s Office, and Naomi Korn, data expert and consultant, running this webinar with us, and they were able to answer some of the questions we received.

You can watch the webinar here.


Association of Independent Museums – Success Guide

The new AIM publication has not been created as a guide to everything in the Data Protection Act (DPA) – or the impending General Data Protection Regulation (GDPR) – but focuses instead on the most important areas for action now. The GDPR applies to the whole UK, so this guide is suitable for all AIM members and other heritage sector organisations across the UK.

The AIM Success Guide is for trustees, senior staff, and members of staff and volunteers involved in fundraising or marketing. The guide outlines the main data protection issues to help museums and cultural organisations carry out an audit of their current position and draw up an action plan. A useful action checklist is included.

You can download the guide for free at: Successfully Managing Privacy And Data Regulations In Small Museums.


NCVO – Webinar and Templates

Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors. The legislation:

  • requires organisations to register if they keep records
  • governs the processing of personal data including ‘personal sensitive data’
  • requires organisations to comply with eight principles for data protection
  • allows employees, service users and other contacts to request to see the personal data held on them.

Every organisation should have a written policy and procedure that is specific to their context about how they handle personal data and enact privacy principles.

Requirements for these policies and procedures will change when GDPR takes effect. Read our guidance for charities on how to prepare for GDPR.

Sample policies

It can be hard to write a policy from scratch. There are a number of suppliers of sample policies. These are intended as guidance only and should be developed alongside the guidance from the Information Commissioner’s Office to ensure they are specific to your circumstances.

Watch our GDPR webinar

We ran a webinar with Protecture (one of our Trusted Suppliers) on 18 October 2017; you can watch the recording.


 

Other Resources:

Consultant Naomi Korn has written a very useful set of data protection FAQs.
