Key principles for the new Privacy and Data Protection rules include ensuring that you obtain consent, that you have good internal systems and are accountable, have secure data storage and only keep information that is necessary and for no longer than necessary.
Here are some practical suggestions that will help ensure you're compliant from the start:
Review where and how you obtain and store personal data and create policiesabout storage and retention e.g. storing paper records, enabling the right to be forgotten, dealing with data breaches and having suppression lists for marketing
Carry out internal staff Privacy Training - for example password protection rules and never leaving computers unattended whilst logged in.
Have you got a Privacy Notice and is this easily accessible, for example on your website? Does it show what someone interacting with you might expect - whether via your website (e.g. cookies on computer), sending you a funeral donation, or becoming a client.
Think about future marketing to individuals already on your database and whether you will post to them, or will you send electronic marketing for which you need clear opt-in consent.
Are all your webpages now delivered through https encryption ?
Do you use MuchLoved's GDPR compliant Donation Processing service for dealing with all funeral donations?
Please do Get in touch for more information about MuchLoved's Donation Processing service
