On 15 May, we brought together more than 50 organisations at our National Volunteering Forum to discuss how the General Data Protection Regulation (GDPR) affects the volunteer journey.
We don’t think ‘GDPR’ needs to be a four-letter expletive. We wanted to welcome GDPR and all the good practice it brings in a fun, open and collaborative way, to help volunteer managers beat the GDPR-blues this summer. We even had cake for the occasion. See our Twitter summary of the day.
Evolution not revolution
Key to taking a positive approach to GDPR, is taking stock why we’re doing it. On this theme, Ailidh Callander, Legal Officer at Privacy International, reminded us of the case for GDPR in protecting people’s right to privacy and control of their personal data.
Expanding on this, Richard Sisson, Senior Policy Officer at the Information Commissioners Office (ICO), spoke on how GDPR is a necessary extension of existing data protection legislation. It is not intended to punish charities- its goal is to protect individuals’ privacy as the way we give, use and share personal data changes.
This is evolution, not revolution. Charities should already have measures in place to protect people’s data, and while fear over certain issues (such as the power to issue higher fines) is understandable, this is also an opportunity to get our houses in order.
Much of the day was spent discussing the specific issues volunteer managers face in becoming compliant.
Amy Symons, Volunteering Support Manager at Alzheimer’s Society, talked openly about her experience of tackling an ICO enforcement notice, and the impetus it gave them to get bad practice out in the open, and work to address it. One great idea was, holding a ‘data amnesty’, where staff and volunteers could ‘fess-up’ to their bad practice.
Chris Wade and Clare Sutton from Motor Neurone Disease Association, discussed how they were equipping their volunteers for their responsibilities under GDPR, by using learning sessions, ‘how-to’ guides and self-assessment tools. Damien Austin-Walker, Product Director at Do-It, then discussed the specific GDPR-challenges related to volunteer brokerage.
Gary Shipsey, a data protection expert from NCVO-trusted supplier Protecture, then focussed on some of the core principles of the legislation and answered practical questions from the floor. He emphasised the need to think of GDPR as about being fair and transparent to people and gaining their consent.
Support, advice, information
You can access all the slides from the day via Slideshare.
Throughout the day, questions were raised on challenges specific to volunteer managers. We will collate these questions into guidance for volunteer managers soon. In the meantime, we have GDPR support over on Know How Non-profit.
We run the National Volunteering Forum three times a year across England. You can see previous topics we’ve covered here. Our next Forum will take place in September, outside of London.