The Scottish Charity Regulator (OSCR) would like to advise Scottish charities that they need to prepare for the upcoming changes in data protection legislation.
From 25 May 2018, all organisations will have to comply with the General Data Protection Regulation (GDPR). Although the GDPR shares similarities with the existing UK Data Protection Act 1998 (DPA), it also has some new and different requirements.
Under GDPR, UK citizens will benefit from new or stronger rights:
Scottish charities must be aware of all of their requirements and should prepare for the GDPR prior to its launch. They may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex organisation this could have significant budgetary, IT, personnel, governance and communications implications.