Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors. The legislation:
- requires organisations to register if they keep records (unless they are exempt, which includes many smaller charities)
- governs the processing of personal data including 'personal sensitive data'
- requires organisations to comply with eight principles
- allows employees, service users and other contacts to request to see the personal data held on them
Every organisation should have a written policy and procedure, specific to its context, covering how it handles personal data and enacts privacy principles.
You should start preparing now for changes that GDPR will require to your current policies and procedures. Read our guidance for charities on How To Prepare for GDPR.