You are here:

Getting ready for GDPR

Getting ready for GDPR

Ruth Hollis, Director of Policy and Impact, Spirit of 2012

As 2018 begins all charities will be turning their attention to getting ready for implementation of the new General Data Protection Regulation (GDPR) which comes into force on 25 May 2018, replacing the current Data Protection Legislation. 

GDPR will affect the way we collect, store and use data. Importantly for Spirit grant holders, it also relates to the data we collect, analyse and share about beneficiaries on our impact. The hot topic in the new legislation is consent – how we ensure that people clearly understand why we are collecting and keeping information about them and how we, and others, intend to use it, as well as how people can withdraw their consent to their information being stored or used. 

We will all need to make sure we have clear, transparent and appropriate ways of getting and storing consent from beneficiaries. As funders this means that we will be asking our grant holders for more information on any case studies or data supplied to us where the beneficiaries could be identifiable either by name or attributes and characteristics.  Grant holders will need to be clear about how they will share data with us, along with any other third parties they share data with, and how we might store and use it. We can help formulate that wording with grant holders.

As May approaches we will be sharing information, signposting resources, and having a discussion with each grant holder about what the changes mean for their Spirit grant. A great resource for thinking about GDPR is the new Information Commission FAQs for charities. This gives really clear advice on the implications for charities and links to practical steps to help them get GDPR ready. 

It will be a learning curve for all of us, but forward planning is key. We’ll be ready when May’s deadline arrives – and as a responsible funder, for whom measuring impact through data analysis is key, we’ll support our grant holders to ensure they’re ready too.

Further information:

Head to ICO's website for their GDPR FAQs for charities, here.