How a charity is preparing for GDPR

How is your preparation for the General Data Protection Regulation (GDPR) going?

Today I have a guest post by Nikki Roberts, @NikkiRoberts7, Head of Communications at Tamba (Twins and Multiple Births Association). She’s written for the All Things IC blog to reveal how they have been preparing for the changes with the help of Daphne.

Nikki has worked at Tamba for five years and is responsible for the press office, external media campaigns, email marketing, digital and internal communications.

Jargon buster: GDPR is the General Data Protection Regulation, a piece of EU legislation that will supersede the Data Protection Act. On 25 May 2018, most processing of personal data by organisations will have to comply with the regulation.

GDPR aims to give people the power to say how their personal information is used, it also aims to keep data safer.

See the end of this article for a list of resources including article, toolkits, events and webinars to help you learn more about it.

I’ll hand you over to Nikki…

How Daphne is helping us learn about GDPR

The General Data Protection Regulation (GDPR) is important. Getting it wrong can have a negative impact on a charity. Whether that’s a fine or damage to your reputation, or indeed both.

On the flip side, if you get it right, supporters will trust you and feel happy to be involved with the charity.

A big part of getting it right is ensuring that all of your staff understand the regulation and how it affects the charity and their role.

Further reading on the All Things IC blog: How Bristol Water is preparing for GDPR

Who we are
Tamba is the only UK-wide charity working to improve the lives of twins, triplets or more, and their families. We do this through successful campaigning to improve health and developmental outcomes; funding clinical research to reduce the risks faced before, during and after birth; and by providing practical support for all families, including those in crisis.

The Head of Membership, Emma Collins (who is leading the GDPR work for the charity) and I worked very closely on the internal communications campaign to inform staff of the changes that are rapidly approaching on 25 May 2018.

We wanted to make it engaging, with some humour, but also communicate the importance of the regulation.

We wanted GDPR at Tamba to be remembered for all the right reasons, so we invented a new member of staff – data protection Daphne.

Daphne was added to our staff meeting agenda that was distributed prior to the staff GDPR workshop. People were genuinely intrigued.

We kicked off the workshop with a brief outline of the new regulations, what they mean and how they’ll impact charities.

We then presented a story about a fictitious excited Dad called Bill. He was expecting triplets in the next few months. The Dad had heard about Tamba and was so impressed with the charity’s work he was keen to speak to every department. Enthusiastic Bill did a great job of ensuring each department could see how the regulation was going to affect them.

Bill booked on an antenatal course, signed up as a member, his wife called Twinline for some support and they both accessed the website etc. After the babies were born Bill even decided to take part in a run to fundraise for Tamba – I told you he was enthusiastic!

Following the presentation, we split everybody into teams and asked them to identify all of the areas where there could have been a potential data protection breach.

What would Daphne do?
Teams had 15 minutes to come up with their suggestions and then one team member presented them back to the whole group. Everybody totted up their points at the end and the winning team got to pick a prize out of the lucky dip! (Oh yes, the prizes were all wrapped up, just like a proper lucky dip!) The lucky dip had a mixture of little hand creams, chocolates, notebooks etc

Following the meeting we put up posters around the office asking the question ‘What would Daphne do?’  to act as a little visual reminder of our workshop.

The phrase ‘What would Daphne do?’ is now heard quite a bit in the office!

Post author: Nikki Roberts.

Thank you Nikki. How are you preparing for the General Data Protection Regulation?

Resources to help you learn about GDPR:

Brand new video by Tony Stewart, @TSDigi, Head of Digital at scarlettabbott:

Please refer to legal advisors and the ICO website for advice and guidance to make the right decisions for your organisation regarding GDPR compliance. These resources are intended to help you start those conversations as I’m not a legal expert.

Where to get legal advice: free GDPR checklist

I am not a legal expert, however, I recommend contact Suzanne Dibble, who is. I’ve bought the resources mentioned below and recommend them. There’s two options: a free checklist and a paid-for compliance pack.

Suzanne is a multi-award winning business lawyer who consults with multi-nationals on data protection law and the upcoming GDPR.

The Legal Services Board and the Law Society have heralded her innovative approach to helping small business owners with complex regulations. Suzanne worked with Richard Branson at Virgin where she managed a group wide data protection project which resulted in Virgin nominating Suzanne for the Solicitor of the Year Award and subsequently Suzanne was runner up in this prestigious award.

She has published a free GDPR Checklist which guides you through what you need to know.

You can access it here:

Where to get legal advice: purchase a GDPR compliance pack

Suzanne has also created a GDPR Compliance Pack, which costs £197. She says: “My pack contains 20 legal document templates and checklists that you will need post GDPR, regardless of the size of your business.”

You can buy it here:

It includes:

  • MODULE ONE: Email for refreshing consent GDPR compliant privacy policy, GDPR checklist inc processing checklist
  • MODULE TWO: Data processing inventory Legitimate Interests Assessment form, Data transfer checklist, Processor Agreement
  • MODULE THREE: Marketing checklist Records retention policy, DPO checklist
  • MODULE FOUR: Employer checklist Employee privacy statement
  • MODULE FIVE: Employee subject access request form, Response to employee subject access request
  • MODULE SIX: Cookie policy Subject access record
  • MODULE SEVEN: Data breach record, Data breach checklist, DPIA form, Data Retention Policy.

You can buy it here:

Disclosure: This is an affiliate link. If you buy Suzanne’s pack as a result of visiting this link, I will receive a small commission for referring you to her services. 

Got a story to share regarding how you’re preparing for GDPR? I’d love to feature you, do please get in touch.

Learn about internal communication with All Things IC

Following feedback from readers, clients and Masterclass attendees, I’ve created new packages to outline all the different ways I can work with you to help you succeed. Whatever your budget is, there should be an option to suit.

From 1-2-1 VIP Days, to bespoke Masterclasses for small teams (up to five people) and larger teams (up to 10 people), you can now find full information via my website.

There’s also a range of options for phone consultations including one-hour and two-hour calls with me. As ever, I’m open to your suggestions of ways I can help solve your IC problems. Do get in touch and I’ll see how I can help.

Thank you to the professional communicators who attended my Strategic Internal Communication Masterclass today:

. I recorded a short video just after everyone left:

If you’d like to join me for future sessions, see the Masterclasses page and browse upcoming courses. They include Change Communication on 20 June 2018.

Thank you for stopping by,


First published on the All Things IC blog 21 February 2018.

Submit a comment

Your email address will not be published. Required fields are marked *

How can we help?

All Things IC helps practitioners around the globe increase their knowledge of internal communication.

There’s a variety of ways we can support you including trainingconsultancy and 1-2-1 support to boost your skills and confidence.

Or visit the shop to see everything we offer.

Who has hired All Things IC?

Clients say working with All Things IC leaves them feeling inspired, motivated, full of ideas and ready to turn plans into action.

We’re proud to have been invited to work with, and advise, some of the world’s leading brands.

Get in touch...

Would you like to work with All Things IC? Do get in touch below. Please note we only accept guest post ideas from in-house IC pros who have read the blogging guidelines.

Asking for advertising, back links or pitching services? We do not offer these and will not reply. Thank you.