GDPR: Subject access requests and direct marketing for charities

One brand new course, two subjects. This specially developed course is designed to look at how third sector organisations should handle and deal with Subject Access Requests (SAR) and how to carry out Direct Marketing under the General Data Protection Regulations (GDPR). It will demonstrate how they should be interpreted using the GDPR and the Data Protection Act 2018 (DPA), and Privacy and Electronic Communications Regulations (PECR).  

Participants will leave the course feeling more aware and knowledgeable of Data Subject Access Requests. You'll feel more comfortable with your SAR plans and be able to identify what time and resources may need to be set aside for these instances. You’ll leave feeling empowered and more knowledgeable regarding your marketing activities, and feel more comfortable with your direct marketing plans, especially in respect to volunteers who fundraise etc. on your behalf.

The overall aim of the course is for you to get an understanding of Data Subject Access Rights, Subject Access Requests, what you can, and can’t, do with a request and, crucially, whether there are any exemptions you can use to minimise disruption to your organisation. You’ll also get an understanding of what you can, and can’t, do with direct marketing and the way in which the three pieces of legislation ‘dovetail’ together to make this necessary function, sometimes, difficult to manage.

Data protection and the GDPR raises many questions for third sector organisations. What is your organisation to do when it receives a Data Subject Access Request? Which of your client-users, customers, staff member or ex-staff member can submit at SAR? What is your organisation supposed to do with marketing? How can it market? To whom can they market? How can it fundraise? What will happen if they fall foul of the legislation?

To answer these questions and many more, you’ll concentrate on:

• a brief overview and reminder of GDPR and DPA 2018
• the Data Subject Rights
• Subject Access Requests
• timescales and (possible) exemptions
• penalties for getting it wrong
• the PECR
• the legal bases for processing
• consent and ‘opt-in’ and ‘opt-out’

This course is designed for anyone who might receive Data Subject Access Requests (from a user, client, customer, staff member or ex-staff member) and/or undertakes direct marketing and who may use ‘volunteers’ in support of their organisational objectives.