GDPR Guidance

Guidance, insights and practical steps for organisations as they prepare for compliance with the General Data Protection Regulation.

Assemble holds an ISO 27001:2013 certification. The internationally recognised information security standard certificate - assessed by BSI - ensures the appropriate controls and policies are in place to safeguard data.



You’ve probably heard of the General Data Protection Regulation (GDPR) by now, and might have a few questions about how to prepare for it. Organisations are becoming increasingly focused on the implications of the new regulation. Where the GDPR was once a subject far away in the distance, it’s now a real priority for organisations of all kinds, from major corporates to small sized charities. Here’s what we know about how it might affect Assemble and our users.


What is GDPR?

The General Data Protection Regulation, or GDPR, is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU citizens. It replaces the Data Protection Directive and came into effect on 25th May 2018. Irrespective of Britain leaving the European Union, UK organisations that handle personal data will still need to comply with the new regulation.

You should consult with legal and other professional counsel regarding the full scope of your compliance obligations. Generally speaking, however, if you are an organisation that is processing the personal data of EU citizens, the GDPR will apply to you. Even if all that you are doing is collecting or storing email addresses, if those email addresses belong to EU citizens, the GDPR likely applies to you.

One of the main aims of the GDPR is to harmonise and bring data privacy laws across Europe up to speed with the rapid technological change in the past two decades, helping to strengthen an invididual's rights to privacy.




Getting ready for the GDPR

Many organisations, large and small, are preparing for the new regulation. It is recommended you seek legal advice to determine what may be required for your organisation. However, there are a number of factors that all organisations should be considering.

Although it affects how organisations deal with employee data, one of the more pressing issues will be the impact on how they handle donor data and relationships with volunteers. A lot of the GDPR has direct implications on how organisations run and how they handle volunteer data — introducing stricter rules about data processing and who organisations can contact.

You should be making sure that key people and decision makers in your organisation are aware of the introduction of the GDPR. Much of the new regulation coincides with requirements already set by the DPA, however there are some changes and they need to understand the impact this is likely to have.

Non-compliance beyond the enforcement date, is liable to attract heavy penalties. See how Assemble prepared for the GDPR here.



Relationship with suppliers

Satisfying GDPR requires investment in time, effort, and expertise. One way to solve this is by being part of a cloud or SaaS system, providing a safe environment to manage and process your data.

However, you should be confident that any providers which you work with meet the necessary standards for data protection, understand the obligations of the GDPR, and are well prepared to meet them. Assemble operates as a trusted and secure Software as a Service (SaaS), find out how we handle our compliance here.




Please note that this information is intended to provide helpful guidance to customers on the GDPR and not as a solution or legal advice. We encourage each organisation to undertake their own steps to ensure compliance.


Take the first step

The volunteer journey starts here. Ease the role of management, strengthen volunteer relationships.

Watch 4-minute demo