SPECIALISED SERVICES FOR CHARITIES AND NON-PROFIT ORGANISATIONS
Helping you comply with your responsibilities to information rights in not-for-profit, charitable and voluntary organisations
Specialised GDPR services for Charities and Not-for-Profit Organisations
The GDPR has an impact on the vast majority of UK charities in one way or another, with the regulations affecting all aspects of the business, including fundraising, campaigning and volunteer management. Charities need to adopt a whole-organisation approach, with a strategy agreed at board level.
There are no significant exemptions that apply to charities, and there are no additional legal protections for those who fail in their data protection duties either. Any charity or non-profit organisation that collects personal information from individuals – be that service users, donors, beneficiaries, marketing contacts, trustees, employees or volunteers – will need to review its data protection practices and procedures to ensure they are compliant.
The question of how fundraisers can lawfully contact donors and supporters, or identify and approach potential new supporters, has been the main focus of the debate about data protection so far in the charity sector. It is important not to see GDPR only in this way, as the requirements apply across the board in charities: for campaigning, marketing, managing volunteers and recording information about service users – anything that involves processing an individual’s personal data.
Fundraisers need to get this right not only to be sure that they’re meeting their legal requirements, but also to give their donors a great experience of supporting charities to ensure their ongoing support.
Book your 15-minute consultation and speak to one of our experts, who can evaluate your needs and answer any queries you may have regarding the GDPR.
How we can help
GDPR123 are compliance experts who can guide you through the process of becoming GDPR compliant so that you can build client confidence, satisfy due diligence investigations and avoid fines and remedial actions imposed by the Information Commissioner's Office (ICO).
- Stage 1 Audit / Gap Analysis
Your organisation will be measured against the GDPR, which will result in a non-conformity report. This is a clear set of instructions that explains what you need to do to become compliant.
- Prepare a Legal Register and Documents
Review/supply policies, procedures and plans.
- Prepare a Due Diligence Pack
Quickly turn around and satisfy Due Diligence enquiries.
- Cyber Insurance Review
You can transfer or reduce risk with appropriate cyber insurance.
- Review Web Operations
This includes reviewing web-based forms to ensure they are unambiguous and obtain appropriate and affirmed consent.
- Training and Awareness
With 8 in 10 data breaches resulting from human error, the GDPR requires organisations to implement appropriate organisational measures to safeguard PII (Personally Identifiable Information). This includes appropriate levels of awareness training.
- Dealing with Brexit
We understand the implications of Brexit and will advise you accordingly as the various stages of Brexit are implemented.
- 72 Hour Breach Notifications
It is important to have an appropriate and tested plan in place for data breaches. Failure to have this in place can attract a penalty of between 2% of your global turnover or 10,000,000 Euro, and 4% of your global turnover or 20,000,000 Euro. In each case the fine is whichever is the greater, and the fines are purposely designed to be dissuasive.
- Handle SARs (Subject Access Requests and Rights Requests)
GDPR gives Data Subjects human rights in terms of their data, and with this comes their right to request the Data Controller or Data Processor to undertake certain actions. Failure to respond to a request in time is a breach of their rights and is taken very seriously, so you need to be prepared.
- Determine and Appoint/Act as a DPO (Data Processing Officer)
In some cases a DPO needs to be appointed. We will help you determine if you need a DPO or make a recommendation if it would be advisable.
GDPR123 COMPLIANCE FRAMEWORK
Cloud-based “GDPR Compliance Assistant” Software
Fully Annotated Regulation Documents
Over 80 Policies, Procedures, Plans and Registers
Data Flow Mapping Tools
Set of Physical Folders and Manuals for reference and record keeping
Support and Guidance from your own team of GDPR experts
We provide everything you’ll need to both achieve and maintain compliance!
All prices shown are subject to VAT