GDPR Reading List

One of the biggest projects for many arts organisations in 2018 will be preparing for the introduction of GDPR. The General Data Protection Regulation is a new set of rules about how organisations are allowed to use personal data. With these regulations coming into effect from May 2018, we all need to ensure that we are fully complaint by this time.

The GDPR regulations relate to how you collect, store, process and share personal data such as customer, audience and employee records. As such, it is relevant for most arts, culture and charity organisations! Happily, there is lots of information available from trustworthy sources online. Here’s a short reading list of GDPR articles, best practice and guidance that we think will be most relevant for our clients and contacts…

1. Arts Council England has created an incredibly useful site called Sharing Data which clearly and concisely sets out best practice for data collection in relation to GDPR and the arts. This site is a great first stop introduction to the subject, and includes case studies, FAQs and a list of further resources to investigate.

2. Museums will benefit from the Association of Independent Museum’s thorough Success Guide – an extensive document intended to brief small museums on how privacy and data regulations impact them.

3. Charities and non-profit organisations will need to consider donors as well as audiences and customers. The Information Commissioner’s Office has put together some GDPR guidance specifically for charities. This includes a charity sector toolkit, explaining how to implement appropriate policies within charitable organisations.

4. The Institute of Fundraising has created a guide designed to teasing out the elements of GDPR that are most relevant for fundraising organisations. They call their guide “a starting point for fundraisers to be aware of some key areas that they need to be thinking about.”

5. Finally, ArtsProfessional’s no nonsense article lists practical tips for implementing GDPR within arts organisations.


Making sure you are compliant with the new data regulations may seem a daunting task, especially for smaller organisations with limited resources. But these guides and articles should offer a good place to start, and help you to build up a basic understanding of the impact these changes will have – and the work that needs to be done to prepare for them!