I’m afraid the short answer is no, we don’t.
That’s probably not what you want to hear but I promise there’s a good reason why!
The SCVO Information Service has had lots of requests for template policies and privacy notices so we know people are desperate to have them. But it’s a short cut that we think could lead to trouble. Let me explain why.
If your organisation is already complying with the Data Protection Act 1998, you’re mostly there already and you won’t need to do too much to get in line with the new General Data Protection Regulation (GDPR) which come in to force on 25 May 2018.
With that in mind, we’ve taken the view at SCVO that this is an ideal opportunity for organisations to review what they do and make sure their approach to managing information/data assets is fit for purpose. We’ve all seen the approach that the media is taking towards organisations that get it wrong, never mind the large fines that the Information Commissioners Office (ICO) could impose on you for a breach of the regulations.
If the ICO does come knocking at your door, you need to be able to show them that you have prepared for GDPR and that you’re taking your responsibilities seriously. A two or three page policy lifted from somewhere else just isn’t going to cut it. You need to have evidence that you know what you’ve got, why you have it, where it is and how you’re making sure it is safe and secure.
It’s not that difficult, but, it will take you some time to go through the process and put in place the policies and procedures that suit your own organisation.
The ICO 12 steps to GDPR is a good place to start, go through these steps within your own organisation and keep evidence that you have.
The ICO has lots of other useful resources and information to help you get ready for GDPR.
If you need more help, we have training courses which will help you start to draft your own data protection policy. We’re also running a conference, Get Data Protection Ready, in partnership with the Institute of Fundraising on 1st May, come along and get your questions answered by some of the experts, or some reassurance that you’re doing things the right way.
All of your organisations are different and hold different types of information and data, I’m afraid there is no ‘one size fits all’ model policy out there that is going to suit all of you, sorry!