The aim of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is to give people control over their personal data. It also widens the definition of ‘personal data’ to include genetic, social and economic information. Essentially it means you must ask people to specifically opt in to being contacted by you, not only for each different contact method (phone, email, mail, text etc.) but also for what they want to be contacted about (Events, Membership, Fundraising, anything you need to contact individuals about). ‘Opting in’ to a newsletter is no longer good enough.
GDPR becomes enforceable from 25th May 2018 after a two-year transition period and it does not require any further legislation to be passed by national governments. Data protection rules will be more or less identical throughout the EU (there is currently no indication that Brexit will alter the UK’s own GDPR rules).
The introduction of GDPR undoubtedly marks a turning point for data management. Amongst other things, it will:
- Make the appointment of a Data Protection Officer mandatory for some organisations
- Introduce data breach notification within 72 hours to the local DP Authority
- Expand liability beyond data controllers to all organisations that deal with personal data
- Introduce increased fines – up to 4% of global annual turnover or EUR 20 million (whichever is the higher)
Tengo’s consultancy services can help charities and other organisations with all aspects of GDPR, ensuring you’re ready, ensuring you’re compliant, and ensuring you maximise the potential benefits from it. And of course, ensuring you don’t get fined!
Contact us today for a free initial phone consultation.