Cookies on Knowhow

We use cookies in order for parts of NCVO Knowhow to work properly, and also to collect information about how you use the site. We use this information to improve the site and tailor our services to you. For more, see our page on privacy and data protection.


Skip to content. | Skip to navigation

Search ncvo knowhow

  • How to comply with GDPR

    Every organisation that processes personal data should be compliant with the GDPR but getting to grips with GDPR can be daunting and it can be difficult to know where to start. This 12-point plan, adapted from the Information Commissioners Officer (ICO) guidance, is here to help you take the right steps.

  • How to use the Data Protection Act 2018 alongside the GDPR

    In all the hyperbole surrounding the General Data Protection Regulation (GDPR) it may have been easy to miss the UK passing its own updated data protection legislation – the  Data Protection Act 2018  (the Act). This came into force at the same time as GDPR on 25th May and replaces the Data Protection Act 1998. The GDPR allowed individual EU states some flexibility to add their own detail in relation to specific areas. The Act fills in some of those gaps as well as bringing the GDPR into UK law. It is important to note that GDPR applies in the UK unless government choses to get rid of this legislation after it exits the EU.  Here are some of the most important points, outlined in the Act:

  • Data protection and GDPR

    Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.

  • Data protection and digital technology

  • Keeping records, data protection and IT

  • F - K

  • How to protect your charity’s payroll data

    With GDPR now in effect, the  National Cyber Security Centre’s assessment  of the risk in the charity sector suggests sensitive, valuable data may be at risk in many smaller charities. Breaches of procedures through carelessness, ignorance, or multiple (usually unauthorised) sharing of passwords has exposed organisations to malicious attacks. These can also be insider attacks, motivated by grievance, greed or external pressure, meaning organisations need to be secure both internally and externally. For charities dealing with employees’ sensitive personal information for payroll purposes, whether internally or through a third party, it’s s essential to ensure the right processes and procedures are in place to safeguard data. Here are four steps to ensure that systems and providers make the grade.

  • Data protection and fundraising

    How to collect, store and use people's personal details.

  • Legacies

    This article takes a practical look at legacies and explores ways that charities can encourage legacy donations.

  • Policies and procedures

    A clear, appropriate and coherent set of policies and procedures help ensure that your organisation is well run.

1 2 Next

Help us to improve this page – give us feedback.