General Data Protection Regulation (GDPR) is a new, Europe-wide law that sets out requirements for how organisations will need to handle personal data from 25 May 2018.
We know that charities are getting ready for this and may have a number of questions. Here are some useful sources of information:
We’ve also had some queries about how a SCIO’s register of trustees and register of members are affected by GDPR and the answers to these queries are below:
Generally both registers should be available to anyone on request. However, where a request is made by someone who is not a trustee of the SCIO, if the safety or security of any person or premises could be jeopardised by releasing information about charity trustees the name and address can be redacted. In the case of the members register only addresses can be redacted.
Information from the register of members and the register of trustees must be kept for 6 years after the person ceased to be a member or trustee. The information that needs to be kept is the person’s name, the date they stopped being a member or trustee, and in the case of former trustees any office they held within the SCIO, such as chair or treasurer.