Data Protection for Organisations

The General Data Protection Regulation (GDPR) – the new legal framework – will apply in the UK from 25th May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. Although the GDPR shares similarities with the existing UK Data Protection Act 1998 (DPA), it also has some new and different requirements. Under the GDPR, UK citizens will benefit from new or stronger rights:

  • to be informed about how their data is used;
  • around data portability across service providers;
  • to erase or delete their personal information;
  • over access to the personal data an organisation holds about them;
  • to correct inaccurate or incomplete information; and
  • over automated decisions and profiling. 

Scottish charities must be aware of all of their requirements and should prepare for the GDPR prior to its launch. They may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex organisation, this could have significant budgetary, IT, personnel, governance and communications implications. To assist you, the Information Commissioner's Office (ICO) website contains information on how you can prepare for the GDPR, including this document, which outlines 12 steps to take right now: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf