Cookies on Knowhow Nonprofit

We use cookies in order for parts of Knowhow Nonprofit to work properly, and also to collect information about how you use the site. We use this information to improve the site and tailor our services to you. For more, see our page on privacy and data protection.


Skip to content. | Skip to navigation

Community-made content which you can improve Case study from our community

Data protection and GDPR

Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25 May 2018.

Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors. The legislation:

  • requires organisations to register if they keep records
  • governs the processing of personal data including 'personal sensitive data'
  • requires organisations to comply with eight principles
  • allows employees, service users and other contacts to request to see the personal data held on them

Every organisation should have a written policy and procedure that is specific to their context about how they handle personal data and enact privacy principles.

You should start preparing now for changes that GDPR will require to your current policies and procedures. Read our guidance for charities on How To Prepare for GDPR.


The Information Commissioner's Office (ICO) is the regulator for data protection and privacy law. Their website is an excellent source of information and support and includes:their Guide to GDPR that they will regularly update

Sample policies and guidance 

It can be hard to write a policy from scratch. There are a number of suppliers of sample policies.  These are intended as guidance only and should be developed alongside the guidance from the Information Commissioner’s Office to ensure it is specific to your circumstances..

  • NCVO members can access free guidance on writing a data protection policy in the Tools and resources section on this site. (Due to be GDPR compliant by end of October 2017)
  • Bates Wells Braithwaite law firm has a customisable and GDPR-compliant data protection policy you can purchase on their Get Legal document production site. 

Watch our GDPR webinar

We ran a webinar with Protecture (one of our Trusted Suppliers) on 18 October 2017, you can watch the recording.

Training and events

NCVO offer training on data protection and the GDPR for charities and voluntary organisations. This is delivered regularly at NCVO in London or bespoke at your premises. to discuss what might suit you.

The NCVO Charity Regulation Conference on 5 February 2018 will discuss all the latest regulatory developments affecting the sector including GDPR, and help you ensure your organisation is legally compliant. 

Data Protection Health Check and Consultancy

  • NCVO's consultancy service can provide a health check for your organisation to assess you data protection fitness and develop an action plan for GDPR compliance. for more details.
  • NCVO trusted supplier Protecture offers various subscription based support packages depending on your data protection requirements. NCVO members gain a 10% discount.
Page last edited Jan 08, 2018

Help us to improve this page – give us feedback.

1 star 2 stars 3 stars 4 stars 5 stars 3/5 from 256 ratings