Table of Contents
Organisations regularly work with various staff members, including paid staff and volunteers. The UK General Data Protection Regulation (‘UK GDPR’) sets out strict rules regarding processing personal data about individuals. One of the critical rules under this data protection law is to provide individuals with transparent information about how you will use their data. If your organisation engages volunteers, you must inform them how you use their personal information. You can meet this requirement by giving volunteers a Privacy Notice document. This article will explore when to give your volunteers a Privacy Notice and the critical information it should contain.
Do the UK GDPR Rules Apply to Volunteers?
When you collect and process personal data about volunteers, the law deems you a data controller. A data controller is an organisation that determines the purposes and means for processing personal data.
Data controllers have several obligations under the UK GDPR rules, including the requirement to process personal data fairly, lawfully and transparently. While volunteers are not your employees, they are still data subjects who fall under the UK GDPR’s scope of protection.
If you collect or process any personal information about volunteers, you must explain this to them. This is due to the fundamental UK GDPR principle of transparency – meaning you must be open and transparent about using personal data. It does not matter who the individuals are – all individuals from whom you collect personal data as a data controller have a right to be informed about how you will use their personal data.
This factsheet sets out how your business can become GDPR compliant.
What Privacy Information Do I Need to Give Volunteers?
There is a range of information you will need to share with volunteers. For example, you must provide:
- your company information and identity, and the fact that a ‘data controller’ decides how to use volunteer data;
- comprehensive information about all the different types of personal data you collect, such as volunteer names and contact details, email addresses, addresses and identification documents;
- your reasons for processing a volunteer’s data, including what lawful basis you are permitted to process volunteer data under;
- information about whether you will share the volunteer’s data with group companies and external third parties (such as suppliers) and whether you will transfer their data to any countries outside the United Kingdom;
- details setting out how a volunteer may exercise their data subject rights under the UK GDPR, such as making a subject access request;
- details around how long you will retain volunteer data and when you will delete it;
- information about data security measures you have in place to safeguard personal data; and
- information about whether criminal convictions and special categories are collected and whether you will make any automated decisions using personal data.
Some businesses work with volunteers who are children. If you collect personal data from volunteers who are children, their personal data will be considered particularly sensitive and additional rules will apply. You should also note that additional rules also apply if you collect special categories of personal data from volunteers (such as religious beliefs). For example, you may need to use a form seeking explicit consent to collect certain information, where necessary.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
How Do I Provide Privacy Information to Volunteers?
Organisations usually provide the above information through a Privacy Notice document. You should provide this document to your volunteers before you process their personal data.
Organisations engaging volunteers can prepare a specific ‘Volunteer Privacy Notice’ document. This should form a crucial part of your volunteer recruitment process. The Volunteer Privacy Notice also should not be generic – it must be bespoke and tailored to the types of personal data you collect from volunteers.
Remember that volunteers who you collect data about are data subjects with several rights under data protection law. As such, you should not ignore these rules. Providing volunteers with a Privacy Notice will help you demonstrate your compliance with the UK GDPR rules and show your volunteers that you treat the protection of their personal information seriously.
Key Takeaways
If you collect personal data from volunteers, you must comply with UK GDPR rules. Although volunteers are not your staff, they are entitled to the same data protection law rights as your employees. You should provide them with comprehensive information about the personal data you collect from them and why. This is often achieved by providing volunteers with a Volunteer Privacy Notice. You should carefully consider the types of personal data you collect and draft this document accordingly. You can work with a data protection lawyer if you need help with this.
If you need help preparing or updating a Volunteer Privacy Notice, our experienced data privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
We appreciate your feedback – your submission has been successfully received.