Skip to main content

Your Organisation / Setting up an organisation


As of the 25th May 2018, new data protection rules come into place which put more emphasis onto the rights of the data subject.  All organisations are required to comply by the rules so, whether you are just starting out or have been established for many years, you will need to look at your policies and activities to make sure you comply.

1. What is GDPR?

GDPR stands for the General Data Protection Regulations.  These are a set of EU regulations which govern how personal data is collected and processed.

The GDPR will replace the Data Protection Act 1998 and is designed to provide data subjects with more control over how organisations use their data.  The ICO (Information Commissioner’s Office) will be overseeing that the regulations are adhered to and can hand out extensive fines for any breaches of the rules.

2. What do you need to do?

The ICO has created a 12 Step Guide to getting ready for GDPR which can be found in the links below.

It includes tasks such as undertaking a data audit, so that you know exactly what data you hold and how you currently process it, as well as reviewing what consent you hold and how you collect it.



Useful GDPR Resources

Preparing for the General Data Protection Regulations: 12 Steps to Take Now

Visit Now

The ICO’s special advice section aimed at providing charities with GDPR information.

Visit Now

Data Protection checklists from the ICO.

Visit Now

AIM’s ‘Success Guide – Successfully Managing Privacy and Data Protection Regulations in Small Museums’.

Visit Now

The Institute of Fundraising has produced a whole suite of guidance notes, downloadable resources and webinars.

Visit Now

This booklet helpfully flags up the differences between the 1998 Data Protection Act and the 2018 GDPR and points out where action needs to be taken.

Visit Now

Can you help?

Can you improve this page? Have you spotted any errors or broken links?
Please contact us with suggestions.

Get in touch


This toolkit is intended to be used as general guidance only and all advice is given in good faith. Neither Heritage Trust Network nor its specialist contributors can accept any responsibility for any liability arising from its use in any given context. We would recommend that further legal advice is taken before application of the guidance/use of the documents in specific circumstances.