Data protection laws are constantly evolving, and it’s essential for charities to keep their privacy notices up to date. If your charity’s privacy notice was originally drafted when the General Data Protection Regulation (GDPR) came into force in 2018, it’s time to review and update it. Here’s why.
Why you need to update your privacy notice
There are two reasons your charity should revisit its privacy notice:
- Changes in UK Data Protection Law
- UK GDPR vs. EU GDPR: Following Brexit, the UK now follows the “UK GDPR,” which, while still broadly aligned with the EU GDPR, has notable differences. For example, international data transfers are now assessed based on transfers outside the UK, rather than the European Economic Area (EEA).
- Legal developments and guidance: New case law and guidance from the UK Information Commissioner’s Office (ICO) have shaped the application of data protection laws. Privacy notices must now provide more detail about third parties with whom personal data is shared.
- Expected reforms: While UK GDPR reforms are expected in 2024, they are not expected to be revolutionary. However, any changes should be monitored to ensure continued compliance.
2. Changes in Your Charity’s Data Processing Activities
Even if the legal landscape had remained static, the way your charity collects and processes personal data has likely evolved. Key considerations include:
- Expanding services: If your charity has started selling directly to consumers rather than only working with businesses, your privacy notice needs to reflect this.
- New data collection practices: If your charity now collects medical information or other sensitive data for a new service, this must be addressed in the privacy notice.
- New entities: If your charity has established a subsidiary company and shares personal data between entities, both organisations need appropriate privacy notices.
Keeping your privacy notice relevant
Like data protection impact assessments and legitimate interests assessments, privacy notices are evolving documents. They should be reviewed regularly to ensure individuals clearly understand how their personal data is used and that your charity remains compliant with current data protection law requirements.
By keeping your privacy notice up to date, you ensure transparency and maintain trust with those who engage with your charity while meeting your legal obligations.
Disclaimer
This information is intended for general informational purposes only and does not constitute legal advice. We recommend seeking professional advice before taking any action on the information provided. If you would like to discuss your specific circumstances, please feel free to contact us on 0800 2800 421.
