Successfully managing data and privacy regulations

Authors: Helen Shone (2017), revised by Faye Clews (2019), Development Partners

This guide is intended for museums and other cultural organisations wanting to understand how they should be responding to current data protection regulation.

The General Data Protection Regulation (GDPR) is an EU-wide regulation which came into effect on 25 May 2018. The GDPR gives individuals more rights and protection in how their personal information (their data) is used by organisations.

There are two other pieces of legislation controlling the use of personal information, which work alongside the GDPR:

  • The Data Protection Act 2018 (DPA)
  • The Privacy and Electronic Communications Regulation 2003 (PECR)

This guide focuses on the combined effect of the GDPR and these two pieces of legislation, and covers the most important areas for action now. The GDPR applies to the whole UK, so this guide is suitable for all AIM members across the UK.

Data protection regulations are far more wide reaching than discussed here and we recommend reviewing the guidance and the regular updates provided by the Information Commissioner’s Office (ICO) and the Fundraising Regulator as well as other organisations listed in the further reading section.

This guide is for trustees, senior teams, members of staff and volunteers involved in fundraising or marketing. However, it would be useful to share the key points with all staff and volunteers since so many of them will come into contact with data collection and processing in the course of their working week. Remember that data protection is not just a fundraising issue, it relates to any data that the organisation collects and uses, from admissions and gift aid declarations to mailing lists and volunteer information.

This guide will outline the main data protection issues to help you carry out an audit of your current position and draw up an action plan. It aims to be a practical guide that will put you on the right path for data protection compliance.

Successfully managing data and privacy regulations (opens in a new tab)

Sign up to our newsletter

* indicates required
Tick to also receive the Trustees newsletter
Marketing Permissions

Please select all the ways you would like to hear from Association of Independent Museums:

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices.

Join AIM: We support and provide practical help to independent museums

Be part of a thriving community

Grow your network, attend events, learn from like-minded people and share your knowledge with our community.

Save money and get funding

Apply for AIM member grants, get discounts, special offers, promotions etc.

Get additional support from experts

Our team of consultants and mentors can help you.
Become a member From as little as £71 a year

Already a member? Make the most of your benefits.