Your GDPR compliance strategy – how we can help

Dynamic legal support for successful individuals, businesses, schools and charities.

BARLOW ROBBINS CHARITIES


BEN COLLINGWOOD Partner – Schools & Charities

T: +44 (0)1483 464204 E: bencollingwood@barlowrobbins.com


BARLOW ROBBINS GDPR SERVICES FOR CHARITIES

1. Get your house in order

We recommend you arrange a meeting with your ‘compliance team’ and consider the following questions:

▪ What are your resources for complying with GDPR?
▪ Who are the staff who need to be consulted, trained and authorised?
▪ What internal resources do you have?
▪ What structures do you need to put in place? Will there be a steering committee? Who will report in/out of it?
▪ Are there external consultants or technology solutions you should consider involving in the process?

We would be delighted to host such a planning meeting to ensure all the right questions are asked and the key matters considered. Our fee for such a meeting would be fixed at £500 plus VAT regardless of the length of the meeting.

2. GDPR Audit

You will need to conduct an audit of all the charity’s systems, electronic and hard copy files, activities, processes, correspondence, contracts etc. to make a record of all the personal data you hold, the purposes for which you process it and the legal basis on which you wish to process it.

The questions for you to consider should include:

▪ What personal data do you hold and process?
▪ Where is the personal data collected?
▪ How, where and why is it used (the data purposes)? With whom is it shared – within the organisation and with third parties?
▪ How long have you held the personal data?
▪ What technology/policies/contracts govern the processing of personal data?
▪ What security measures do you have in place?


We would be delighted to assist you in planning and carrying out this audit. We provide three levels of audit support for charities as follows:

AUDIT — BRONZE SERVICE £500 plus VAT

We will provide you with written guidance designed to help you through the changes that GDPR will bring about and providing an essential context for your audit.

AUDIT — SILVER SERVICE £1,750 plus VAT

In addition to the written guidance provided as part of the Bronze service we will provide a detailed Audit Questionnaire as a template for your audit and attend three hour-long meetings with you within a three month period beginning with the date we send you our Bronze Service guidance to assist you on your audit journey.

AUDIT — GOLD SERVICE £2,500 plus VAT

In addition to the written guidance of the Bronze service and the three visits under the Silver service, you will have access to our dedicated GDPR team through a telephone and email helpline for a period of three months beginning with the date we send you our Bronze service guidance. This will enable any day-to-day queries relating to your conduct of the audit to be answered.

Please also consider our ‘Turnkey Solution’, found on page 6, if you would like to consider an ‘all-in’ service for your organisation’s audit and compliance.


3. Compliance – plan your journey

On the basis of the personal data, purposes and processes recorded in the data audit report, you will need to conduct a risk and gap analysis of the data and formulate your compliance strategy accordingly.

The relevant questions for you to consider should include:

▪ Can you demonstrate the conditions for processing (consent, legitimate interest etc.) you wish to rely on?
▪ In particular, can you demonstrate explicit consent for the processing of special categories of personal data (race, ethnic origin, political opinion, religious belief, TU membership, physical/mental health, sex life, legal proceedings for any offence)?
▪ If you don’t have the consents you need, how will you obtain them?
▪ Are your contracts with third parties and privacy policies and notices GDPR compliant?
▪ Are you ready for dealing with the enhanced data subject rights such as subject access requests?
▪ Will you conduct mystery-shopper or ticket-testing exercises?
▪ What is a high risk and how should compliance be prioritised based on the risks?
▪ What is a realistic timetable for compliance?
▪ Are the right people appointed to implement the work that needs to be carried out?
▪ Will you have a Data Protection Officer to oversee further compliance efforts?


We offer two levels of support for your compliance needs:

COMPLIANCE SERVICE — £2,500 plus VAT

We will review your data audit report and provide a ‘traffic light’ risk assessment on the basis of the report and attend a meeting to present our advice and discuss your compliance strategy.

COMPLIANCE SERVICE PLUS — £4,000 plus VAT

We will provide the service offered in our Compliance service and you will also have access to our dedicated GDPR team through a telephone and email helpline. We will deal with your day-to-day queries relating to the conduct of your GDPR compliance for three months following the date of the Compliance Service risk assessment meeting. This would not include drafting or amending any documents (see below).

Please note that any assistance or enquiries outside the scope of the above Compliance and Compliance Plus services will be charged on a time-spent basis.

Please also consider our ‘Turnkey Solution’ on page 6 if you would like to consider an ‘all-in’ service for your organisation’s audit and compliance.


3. Turnkey Solution

TURNKEY SOLUTION – PRICE ON APPLICATION

The Turnkey Solution is the choice for you if you want an ‘all-in’ service to cover all your audit and compliance needs. We will oversee the legal audit process on your behalf.

This covers everything from reviewing and collating documents, interviewing staff, if necessary and preparing a detailed report which includes a “traffic light” system of risk assessment against the data and relevant documents recorded in the audit. As in the Compliance services above, we will attend a meeting to present our advice and discuss your compliance strategy. This would not include drafting or amending any documents (see below).

The bulk of this work would be conducted by us on your premises.

This process will look different for each and every charity so please do ask if you wish to discuss this further.

Updating/redrafting documents

It will become apparent once the audit has been concluded and the compliance process is underway exactly what documents – contracts/policies/fundraising materials – need to be amended to be GDPR-ready.

Given that we have no way of knowing at this stage how much, or how little, work will be required we propose that once the requirements have been identified, we will agree a fee with you for any work that may be needed. These costs are not included in any of the services above.

Please contact one of our specialists who will be happy to discuss your matter with you:

BEN COLLINGWOOD Partner – Schools & Charities

T: +44 (0)1483 464204 E: bencollingwood@barlowrobbins.com

KENJI BATCHELOR Senior Associate – Schools & Charities

T: +44 (0)1483 464248 E: [email protected]

LAURIE HEIZLER Of Counsel – IP, Technology & Media

T: +44 (0)1483 464272 E: [email protected]


GUILDFORD The Oriel, Sydenham Road, Guildford, Surrey GU1 3SR

T: +44 (0)1483 543210 E: [email protected]

WOKING Concord House, 165 Church Street East, Woking, Surrey GU21 6HJ

T: +44 (0)1483 748500 E: [email protected]

LONDON 5th Floor, 20 North Audley Street, London, W1K 6WE

T: +44 (0)207 0780810 E: [email protected]
