The Solva Care Toolkit

9 – Solva Care: data protection


The General Data Protection Regulation (GDPR) is legislation that came into force on 25 May 2018, and sets out how organisations need to handle personal data; it supersedes the Data Protection Act 1998.

Why does this concern us?

Consequences of non-compliance are fines and the associated bad press.  But, as a caring organisation, respect of everyone’s personal data should be just one element of ‘doing things properly’.


This chapter is less about how we have done it – as we have had to modify our existing systems to comply – and more about signposting you get the best advice in order to set up your own processes from the start.

The Information Commissioner’s Office (ICO) has a lot of good information and help for ‘Small Organisations’ and ‘Charities’.  These includes guides, checklists, FAQs and an advice helpline.  Their data protection self-assessment toolkit is interactive, and will assess what your organisation needs to do to comply and generate a checklist.

The Charity Commission for England and Wales, Charity Commission for Northern Ireland and the OSCR (Scottish Charity Regulator) can also help. The Charity Finance Group (CFG) has a useful GDPR Guide for Charities.

Speak to your local volunteering organisations; they may also be able to put you in touch with similar, small organisations who have experience of GDPR that may be willing to share good practice.

Our Toolkit chapters – Solva Care: a communications strategy (Parts 1 & 2) provide suggestions on how to deal with communications and electronic data and our future research and evaluation chapter will touch on when you use personal information in any research that you do.  

It may seem daunting at first, but there are straightforward steps that you can take at the start that mean that compliance, won’t exactly come naturally, but will be relatively simple to incorporate as you go along.


Toolkit Chapter 9

Read other chapters

Registered Charity Number 1172878