We use cookies to help us provide you with the best experience, improve and tailor our services, and carry out our marketing activities. For more information, including how to manage your cookie settings, see our privacy notice.


Skip to content. | Skip to navigation

Community-made content which you can improve Case study from our community

Data protection and GDPR

This page is free to all
Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.

The General Data Protection Regulation (GDPR) took effect on 25 May 2018. The legislation:

Every organisation should have a written policy and procedure that is specific to their context about how they handle personal data and enact privacy principles.

Read our guidance for charities on how to comply with GDPR.

Charity Finance Group have also produced GDPR: A guide for charities

Further support from NCVO

NCVO can provide further support through

See the NCVO data protection page for more information.

Support from the regulator

The Information Commissioner's Office (ICO) is the regulator for data protection and privacy law. Their website is an excellent source of information and support and includes:

Sample policies

It can be hard to write a policy from scratch. There are a number of suppliers of sample policies. These are intended as guidance only and should be developed alongside the guidance from the Information Commissioner’s Office to ensure it is specific to your circumstances.

Page last edited Jul 03, 2019

Help us to improve this page – give us feedback.