AIM Success Guide: Successfully managing privacy and data regulations in small museums
The new AIM publication focuses on the most important areas for action for the impending General Data Protection Regulation (GDPR). The guide is suitable for all AIM members and other heritage sector organisations across the UK.
This guide is intended for museums and other cultural organisations wanting to understand how they should be responding to current and forthcoming data protection regulation. It isn't a guide to everything in the Data Protection Act (DPA), or the impending General Data Protection Regulation (GDPR), but focuses instead on the most important areas for action now. The GDPR applies to the whole UK, so this guide is suitable for all AIM members across the UK.
Data protection regulations are far more wide-reaching than discussed here and we recommend reviewing the guidance given by the Information Commissioner's Office (ICO) and by other organisations listed in the further reading section. The information given here is based on guidance currently available, and readers should be aware that further updates will be published by the ICO and Fundraising Regulator.
AIM’s Executive Director, Tamalie Newbery:
“Lots of AIM members have been contacting us to find out what they need to know about the new GDPR regulations. This guide explains in a straightforward way, what museums need to think about and what they need to do to make sure they are complying with the current and new regulations. .”
This guide is for trustees, senior staff and members of staff and volunteers involved in fundraising or marketing. However, it would be useful to share the key points with all staff and volunteers since so many of them will come into contact with data collection and processing in the course of their working week. Remember that data protection is not just a fundraising issue, it relates to any data that the organisation collects and uses, from admissions and gift aid declarations to mailing lists and volunteer information. This guide will outline the main data protection issues to help you carry out an audit of your current position and draw up an action plan. It aims to be a practical guide that will put you on the right path for data protection compliance. There is an action checklist included, which summarises the issues you need to consider and the action you may need to take.