Many charities and community organisations in Solihull will need to start thinking about GDPR or, after May next year, they may find themselves on the wrong side of the law. It is heavy stuff and, to be comfortable, a good 6-8 months for planning and implementing changes would be sensible.
So, what is it? The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and all UK organisations that process the personal data of EU residents have only a short time to ensure that they are compliant. Brexit will make no difference in that timeframe.
This new Regulation extends the rights of individuals and the requirements upon organisations processing personal data:
- The definition of personal data is being broadened
- Organisations are required to reduce the amount of personally identifiable information they store, and to ensure that they do not store any information for longer than necessary
- Explicit parental consent will be necessary for processing data about children under age 16
- The rules for obtaining valid consent are being changed.
SUSTAiN is intending to run an information/training event in early Autumn to provide guidance to those in the local sector who require it. If you think your organisation will be affected by these changes and would be interested in attending, please email firstname.lastname@example.org.