Page 223 - Demo

aspects of the work you do may fall under the provisions of the legislation and any information you provide to the public authority would be caught.
Useful websites
www.ico.org.uk - the regulator’s website, where you can find guidance for organisations, and a helpline.
www.fundraisingregulator.org.uk - the fundraising regulator’s website, where you can find the Code of Practice on fundraising, and details of the Fundraising Preference Service.
Data protection policy checklist
There are a number of policies relating to personal information that you should consider having in place. A data protection policy will be the main source, but DPA compliance will also come into your CCTV, data retention and ICT policies. In the data protection policy itself, you should cover:
• The categories of personal information that you collect
• The categories of uses to which you are likely to put the information you collect
• How you comply with the principles
• How you comply with subject access requests/other individual rights under the DPA
• What you do in the event of a breach, including the specific requirements of the GDPR
• A list of possible disclosures. This will never be exhaustive, but list the main/regular ones
• How to deal with a request from a third party for information
The most common mistake made in a policy like this is to say “we will never release your information to a third party without your consent”. Whilst in the normal course of events this may be true, if the police come knocking and request information, you are likely to pass it on without seeking the consent of the individual, so never limit yourself. If you must use that phrase, say “Unless exceptional circumstances apply, we will never disclose your information to a third party without your consent.”