Guide to the General Data Protection Regulation (GDPR)

The main guidance supplied by the ICO, breaking down GDPR.

Preparing for the General Data Protection Regulation (GDPR) - 12 steps to take now

This document begins identifying the steps that teams or individuals who are new to GDPR should take towards compliance, offering a high-level approach to implementation.

Data protection self assessment

An assessment to check your levels of compliance regarding GDPR, information security, direct marketing, records management and data sharing.

Guide to the Privacy and Electronic Communications Regulations (PECR) 

The main guidance supplied by the ICO on how we can communicate with persons/organisations.

Direct marketing guide

Links in with the PECR guide above, looking specifically at ensuring compliance when marketing.

Fundraising and regulatory compliance [PDF]

Covers issues such as wealth screening, data matching and PECR.

Data Protection Impact Assessments [PDF]

Provides specific guidance regarding the need for and use of Data Protection Impact Assessments.

Children and the GDPR [PDF]

Provides specific guidance on how personal data from individuals aged under 13 must be treated.

Using consent as a legal basis [PDF]

Provides specific guidance about the use of consent as a legal basis for processing, including what information must be given/recorded to ensure legal compliance.

Using legitimate interests as a legal basis [PDF]

Provides specific guidance about the use of legitimate interests as a legal basis for processing, including the process by which legitimate interests must be recorded.

The right to be informed [PDF]

Provides specific guidance on what information must be provided to individuals if their personal data is being processed.