Please click here to read OSCR’s COVID-19 Guidance for Charities

Are you ready for data protection reform?

11 Apr 2017

The Scottish Charity Regulator (OSCR) would like to advise Scottish charities that they need to prepare for the upcoming changes in data protection legislation.

From 25 May 2018, all organisations will have to comply with the General Data Protection Regulation (GDPR). Although the GDPR shares similarities with the existing UK Data Protection Act 1998 (DPA), it also has some new and different requirements.

Under GDPR, UK citizens will benefit from new or stronger rights:

  • to be informed about how their data is used;
  • around data portability across service providers;
  • to erase or delete their personal information;
  • over access to the personal data an organisation holds about them;
  • to correct inaccurate or incomplete information; and
  • over automated decisions and profiling. 

Scottish charities must be aware of all of their requirements and should prepare for the GDPR prior to its launch. They may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex organisation this could have significant budgetary, IT, personnel, governance and communications implications.

To assist you, the Information Comissioner’s Office (ICO) website contains information on how you can prepare for the GDPR, including this document which outlines 12 steps to take right now.