I work for a registered charity, which is a youth organisation.

I'm currently looking for advice from other charities around "Data Protection".

We're aware of our obligation to obey by Data Protection act of 1988 and 2003.

We currently do abide by these laws, but from reading it seems we need to have a data protection policy in place?

I've a few questions:

1. Can anyone confirm that we are obliged to have and publish a data protecttion policy?

2. Is there perhaps a Data Protection Policy template that sort of "fits-all" for charities?

3. Are charities in any way exempt from any part of the Data Protection Acts (I believe in the UK this is the case)

3. can anyone who has experience in this area please advise me, and let me know their experience of getting a data protection policy in place for a charity/youth organisation?




Anthony Lindsay's picture

1) I do not believe  that

1) I do not believe  that anyone is obliged to have a data protection policy.  However, it's probably a good idea.  If you're engaged in activities to which the data protection act applies, then it's a good plan to have written procedures detailing how you are implementing the 8 good data protection practice principles.  Your policy is just going to be a declaration of what your organisation does about data protection.

2) Again, I do not believe so, as the activities of charities vary so much.  However, the 8 principles are a good framework around which to build any policies.  They are:

1. Obtain and process information fairly.
2. Keep it only for one or more specified, explicit and lawful purposes.
3. Use and disclose it only in ways compatible with these purposes,
4. Keep it safe and secure.
5. Keep it accurate, complete and up-to-date.
6. Ensure that it is adequate, relevant and not excessive.
7. Retain it for no longer than is necessary for the purpose or purposes.
8. Give a copy of his/her personal data to than individual, on request.

3) The data protection commissioners say that you are exempt from registering as a data processor if you are "organisations that are not established or conducted for profit and that are processing data related to their members and supporters and their activities."  However, that does not mean you are exempt from the act and your good practice duties itself.

4) Again, I'd look at the 8 principle above and see how your organisation can implement them, then write that down.

There's lots more guidance at


coloconnor's picture

Thank you so much for this

Thank you so much for this info.

I have certainly used it as a foundation for the 8 basic principles, while we work on a policy.

Further to this, can anyone recommend the best place, if any, for training in data protection?.

Is there any training specifically tailored to the community sector that could provide some of our staff with some insights around best practice.

Thank you

Colm O'Connor


palefire's picture

  Lunchtime Seminars


Lunchtime Seminars 2010

Thursday June 24th. 12-2pm, RUA RED:

Safeguarding and Information Sharing: ‘The Legislation Context and Tips for Getting it Right’.

Superintendent Pat Burke from the Garda Vetting Unit will provide an overview of the current legislation and best practice in relation to Data Protection, sharing of information and implementation of safeguards.

This will be an informative and interactive session which will offer clarity on how to manage and share documents safely.

Kind Regards


Administration & Communications Coordinator

CDI (Childhood Development Initiative)

St Mark's Youth and Family Centre,

Cookstown Lane,


Dublin 24.


01 4940030

Anthony Lindsay's picture



coloconnor's picture

Thank you for this

Thank you for this info.

Unfortunately I couldn't make it to that Seminar.


Are you aware of any other data protection training available, from any other sources.

Specifically if it was tailored towards the community sector?

If anyone has any recommendations of training/workshops they've been on in this area, I'd appreciate knowing if theres any good courses in this area.

Thank you.

Colm O'Connor

Anthony Lindsay's picture

I've been to a couple of

I've been to a couple of events on it run by the European Association for Planned Giving, who sometimes run events here.  There's nothing much on their calendar at the moment though.

I found a couple of courses in the training section however...


Data Protection Overview


Information Privacy

(please note that I can't vouch for either of these courses, but they may suit your needs!)