Data protection policy
Estimated time to complete this document
This document is right for your organisation if:
- You hold personal information about individuals as part of your activities. This could be information about employees, donors, supporters or any other individuals.
- You are not doing anything complex with the personal information that you hold and require a basic policy setting out the principles which your organisation follows to comply with data protection law.
This document is not right for your organisation if:
- You do not hold or process any personal information about individuals.
- The information that you hold about individuals is sensitive (includes details about a person’s race, political opinions, religion, physical or mental health, sexuality, criminal record or trade union membership). If your organisation is processing sensitive personal information, bespoke advice about how you process that information is necessary.
- You need advice on consent statements or using data for marketing or fundraising purposes
Please note: If you would like more specific advice on data protection and particularly data collection statements (including opt-ins or opt-outs), please contact BWB at email@example.com and a member of our legal team will be able to give an estimate for providing bespoke advice.
What do I need before I start?
You will need to know:
• Your organisation’s full name.
• Who does your organisation hold personal information about, for instance volunteers, employees, donors, supporters?
• The name of the role or the individual at your organisation who is or will be responsible for the organisation’s data protection compliance, e.g. data protection officer. You will also need the contact details of the person who will be performing that role.
• What security measures your organisation currently has in place or will have in place by the time this policy is implemented to protect the information that you are holding. You will need to liaise with those members of your organisation who assist with computers/ IT to find out whether you have access to the technology needed for certain security measures, for instance encryption of laptops and memory sticks.
• The name of the person at your organisation who is responsible for computers/ IT.
• Whether there are any situations in which your organisation transfers personal information outside Europe.
• Whether your organisation has notified or registered with the Information Commissioner’s Office.
• How regularly your organisation reviews its ICO notification (if it has one)
• How often your organisation plans to update your data protection policy
• How your organisation refers to board members, i.e. as trustees or directors.
Remember: If you don’t have everything you need you can make a start, save the information and return to complete the form another time.
Q: What is the process?
A: Once you have logged in and paid for the form you will be asked a series of questions. These questions help us to create exactly the right document for you. There is lots of information to help you. Once you have finished the document it will be emailed to you with more instructions about what to do next.
Q: What if I don’t have time to complete the form?
A: If you don’t have all the information you need or if you get interrupted you can save the information you have inputted and return to the document later.
Q: What if I want more information about other policies?
A: You may find some of the other resources on BWB Get Legal helpful, there are a range of different policies available that may be useful to your organisation. If you would like more specific advice about your organisation’s circumstances, please contact BWB at firstname.lastname@example.org or 020 7551 7777 and a member of our legal team will be able to give an estimate for providing bespoke advice.