A last minute GDPR checklist for charities

Wondering what to prioritise? It's not too late to get GDPR-ready. We've simplified the journey to compliance with these five hands-on steps to applying GDPR within your organisation. Links to any relevant resources and information from the ICO are at the bottom of this graphic.

AWARENESS

The primary step in any compliance project should be to ensure that senior decision makers in your organisation are aware of the impact it's likely to have, are able to help overcome any problem areas, and can sign-off any needed budget. You will also need to educate staff and volunteers so everyone is onboard with changes.

- Hire or become a GDPR 'expert.' Read up on the ICO's guidance for charities and know your responsibilities.
- Look at your charity's risk register and identify areas that could cause problems.
- Identify trustees or senior management that are already on board with GDPR and can become advocates for others.
- Highlight examples of charities who have fallen foul of data protection regulation. For example, in 2017 the ICO fined a number of charities for breaching the Data Protection Act, the largest fine of £18,000 going to the International Fund for Animal Welfare (IFAW). Under GDPR, the charity would face a fine of up to £17 million or 4% of its annual turnover.
- Create an employee awareness campaign around how they store and handle personal information (the ICO provides free materials).

SECURITY

Under GDPR, there is extra responsibility on you to prove that you are processing personal information securely, with appropriate measures in place to protect it. Significant data breaches need to be reported immediately to the ICO and, where possible, to individuals affected.

- Make sure you have the latest security software in place. Security software and anti-virus software donations are available from Tech Trust's tt-exchange donation programme for eligible charities.
- Keep on top of any system updates, and run the latest version of any operating systems as they are more likely to have the latest security patches.
- Look into measures such as how to encrypt any data you hold.
- Should the worst happen and you experience a personal data breach, you should make sure you have the right procedures in place to detect, investigate and report it. The ICO's data-security checklist offers further guidance.

GAP ANALYSIS

In order to know how to protect your data, you need to first have a complete picture of it and your processing activities. Data mapping or conducting a 'gap analysis' will help you see how the regulation applies to your organisation, and identify any areas that need investigation or improvement.

- Organise an information audit of your organisation, departments and individual activity areas.
- Document all the personal data you hold, where it came from and who you will share it with.
- You may wish to look at all the GDPR requirements or a selected few high-risk areas, e.g. the rights of individuals, consent, data breach processes, according to your charity's risk register.
- Identify quick wins - including cost savings with the removal of duplicate data.
- The ICO's free self-assessment toolkit is helpful and is aimed at small to medium sized organisations.

POLICY REVIEW

Alongside a review of your data, you will need to review the data privacy policies and procedures you have in place. You may already have policies in place under the Data Protection Act, but they will need to be refreshed for GDPR rules such as right to be forgotten and data portability.

- Review your current privacy statements in light of GDPR: there are a number of additional things you will need to tell people, such as explaining your lawful basis for processing their data, data retention periods and their right to send complaints to the ICO.
- The ICO provides a free code of practice for privacy notices and how to communicate to people about how you will use their data.
- Your policy statements can also act as internal authority for employees and data owners to be aware of their responsibilities.
- A good starting point is to look at charities who have already updated their privacy policies and adapt it to your own.

ONGOING REVIEW

GDPR is not intended to be a quick fix - the 25th May 2018 is just the beginning, not the end, of your compliance journey. You will need to continually review and improve how your charity handles personal information.

- After 25th May, you must be able to show that you have the foundations of accountability in place, and are willing to work with the ICO to resolve any issues as they arise. Those who are able to demonstrate that appropriate systems and thinking are in place will find that the ICO takes this into account when they consider any regulatory action.
- Periodically review your privacy policies.
- Keep data on the agenda with trustees by keeping them abreast of the latest news on important regulatory developments, as well as other charities that may have faced penalties or overcome issues similar to yours.

More information:

ICO GDPR FAQ for charities: https://ico.org.uk/for-organisations/charity/charities-faqs/
ICO guidance for charities: https://ico.org.uk/for-organisations/charity/