The general data protection regulation (GDPR) is a new EU law that will come into effect on 25 May 2018. It’s the biggest overhaul of data protection legislation for over 25 years, and will introduce new requirements for how organisations process personal data. Your Elders are looking at this now, here are some of the points to consider. Arrange a Data Audit Audit what personal data you hold, where it came from and who you share it with. Review how you ask for consent Under GDPR, simply saying “click here to read our privacy policy” is no longer enough. You need to explain clearly why you are collecting personal data and how you intend to use it. Ultimately, GDPR is very clear that an individual’s choice to say “no” is paramount. Provide User Access to Personal Data People can make subject access requests at any time to check the data you hold and what you do with it. Manage Data Charities should put a process in place, such as to include “Find out what information we hold on you” and “Remove all information about me” sections in your privacy policy to give people clear information.