Charity Data Protection | Anthony Collins Solicitors Birmingham

Data protection means safeguarding important information from corruption, compromise or loss. As the amount of data we create and store continues to grow, it’s becoming more important to have the right systems and processes in place.

Data protection for Charities

You will hold many types of personal information about staff, volunteers and third parties with whom you engage. Ensuring that you and your staff understand your duties and obligations as guardians of this data is an essential part of any successful charity.

The Data Protection Act 1998 has been superseded by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, which took effect in May 2018. This new regime has revolutionised data protection law and information rights, acting as a catalyst for a new culture of privacy that you must embed within your charity through effective policies and procedures.

Data protection and information sharing

Our team’s understanding of how the new regime impacts charities allows us to work closely with you and your organisation to help you manage your data protection compliance programmes. We can guide you on data protection and how to handle and share information to ensure compliance with the new regime.

The GDPR states that you must make sure the information you hold is:

used fairly, lawfully and transparently
used for specified, explicit purposes
used in a way that is adequate, relevant and limited to only what is necessary
accurate and, where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

race
ethnicity
political opinions
religious beliefs
trade union membership
genetics
biometrics (where used for identification)
health
sex life or orientation

There are additional safeguards for personal data relating to criminal convictions and offences.

Under the new regime, everyone has the right to find out what information you hold about them. These include the right to:

know how you use their data
access personal data
have incorrect data updated
have data erased
stop or restrict the processing of their data
data portability
object to how their data is processed in certain circumstances

Data protection advice for charities

Our team of experts can help to guide you through this regulatory maze, advising you on the best approach for capturing, handling and sharing information within your organisation so you don’t fall short of your obligations. We can help you identify risks that could result in data breaches, penalties and reputational damage, and put plans in place to mitigate and manage them if they happen.

We advise charities on all areas of data protection and information law compliance, as well as providing guidance on freedom of expression, privacy, reputation and information rights generally. We can help you with the following:

Drafting and reviewing data protection compliance documentation - including the data protection policy for your organisation. We support our clients in drafting and reviewing contracts, data sharing agreements and compliance documents, such as data protection and retention policies, privacy notices and impact assessments.

Data breach management - We can provide training, advice and guidance to those who deal with data within their role, to prevent personal data breaches. However, in the event of a breach, our lawyers can assist with and advise on the appropriate course of action to ensure that you not only comply with data protection legislation, but you limit any reputational damage and any punitive action from the Information Commissioner’s Office.

Responding to data subject access requests - We can advise on managing subject access requests and how to respond to them.

Training and updates - We offer data protection training to staff (either at your location or our offices), tailored to the needs of your organisation, on data protection, privacy, reputation and information rights issues and developments. To receive invitations to our events, as well as information and articles on legal issues and sector developments that are of interest to you, sign up to Newsroom.

For more information

For more information, please contact Peter Coe.

Service specialist

View profile

Eeshma Qazi Solicitor

Data protection solicitor who is passionate about helping clients navigate the increasingly complex and ever-evolving data protection landscape.

View service specialist profile

View author profile

We have been recognised for the work we do

Chambers and Partners UK 2017 - Ranked Practice Areas

Top-Tier Firm 2016

UK top-five charity law firm in Charity Financials’ 2017 Top Legal Advisors list.

See our awards

Clare Paterson Data Protection Consultant

Data protection consultant in the Data Protection & Information Law team.

View Profile

Eeshma Qazi Solicitor

Data protection solicitor who is passionate about helping clients navigate the increasingly complex and ever-evolving data protection landscape.

View Profile

Latest news and ebriefings

New ICO guidance on DSARs – hurry, time is of the essence Monday 16 September 2019

The UK Information Commissioner’s Office (ICO) has recently made some noteworthy changes to its guidance around data subject access requests (DSARs).

The Times’ Christmas Appeal 2019 Thursday 5 September 2019

The Times is looking for three or four charities to feature in their editions running in December 2019 and early January 2020.

Intentions to fine BA and Marriott – a harbinger of what’s to come or a tempest in a rather large teacup? Monday 15 July 2019

On 8 July, news broke of the staggering fine of more than £183m the ICO intended to levy against British Airways as a result of a hack that took place in 2018, compromising 500,000 customers' data.

Can you be liable in defamation for what another person posts or tweets? Monday 4 February 2019

A recent High Court decision could have repercussions for our clients who communicate via social media group accounts but don’t actually compose some or all of the messages the organisation posts.

Heathrow data breach Thursday 17 January 2019

In October 2018, it was reported that Heathrow Airport Ltd had been fined £120,000 by the Information Commissioner’s Office (ICO) for failing to keep personal data secure.

Dominic Curran takes the lead Wednesday 3 October 2018

Dominic Curran becomes head of charities at Anthony Collins Solicitors.

Don’t panic! There is life after the GDPR…and it’s pretty good! Tuesday 18 September 2018

The GDPR and DPA 2018 have already been in force for nearly four months. Here we talk through some of the key learnings since May.

The Data Protection Act 2018, the what and the why Monday 23 July 2018

In what has been a veritable deluge of data protection-related developments, we now have in our midst, a brand-new, homegrown iteration of data protection legislation; the Data Protection Act 2018.

GDPR will apply from 25 May 2018: are you ready? Friday 11 May 2018

We are now only a few weeks away from the biggest change to data protection laws in over 20 years. Are you compliant?

Cyber attacks and fraud – Better to be safe than sorry Thursday 15 March 2018

Organisations are increasingly becoming victims of criminal fraud and cyber attacks. It is essential that organisations, including charities, protect their assets, data and reputation.