Emerging GDPR

Chances are this affects your organisation

GDPR stands for General Data Protection Regulation, which will become law in May of this year. It tightens up existing Data Protection regulations. It has implications for everyone on the web, but it also extends to your back office systems (so beyond your website and email systems and our relationship) wherever you have recorded personal information in any form.

Right now I have not read it all. I will return with some recommendations or things to think about in late Feb or early March. In terms of your websites, there may be things you need to do. For any CRM (Customer Relationship Management System) or any database or method for recording personal information, you will be affected. So do not ignore it.

Information Commissioner's Office

You can start by going to this link and reading the material there: ICO GDPR.

Online learning course

A colleague has also pointed out that there is a self-guided course available for free which takes around 3 hours. I have not looked at this yet, but do check it out. Go to Future Learn. I have not validated either of these yet. Do not pay anyone any money just in case there is a solicitation for money (unless you wish to). Guidance on the regulations should be available from multiple sources for free. I suspect that there will also be a lot of FUD (fear, uncertainty and doubt) peddled by some consultants seeking to help you for a fee. So do take care.

Avoiding the Data Breach

We all read about data breaches from time to time. Once this regulation comes into force, the penalties for a data breach are extremely high, to the extent that, for some of the high-profile data breaches, they could put a large corporation out of business. The main purpose of the legislation is to encourage any organisation dealing with personal information to have processes in place that proactively protect it, and to ensure that you know how to extract information from your systems, that you can remove information from them (all copies), and that those systems are secure and protected.

Small not-for-profit organisation

For small organisations without an IT department there will be implications that perhaps you have not thought about, like an unprotected backup on a removable drive. As well as the systems you use on a day-to-day basis, you are also responsible for any copies you have on any media. It may be just a backup to you, but it will contain personally identifiable information. You are responsible for backup security as well as the security of the live systems you use on a day-to-day basis.

I will return to this subject in the next six weeks.