Charity law is changing. Click here to find out how the changes will affect your charity.

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) is a Europe-wide law that sets out requirements for how organisations will need to handle personal data. This came into force from 25 May 2018.

OSCR does not have any guidance on the requirements of GDPR and can't provide advice to charities, but here are some useful sources of information:

  • The Information Commissioner’s office (ICO) has guidance on GDPR which is applicable to all sectors.
  • The ICO's SME Web Hub contains guidance for small organisations (including charities).
  • OSCR has a series of blogs from Alison Johnston from the ICOs Scotland Office about GDPR: oscr.org.uk/blog.
  • The Institute of Fundraising has guidance on GDPR: The Essentials.
  • SCVO's Data Protection guidance contains more information and resources for charities.