Charity GDPR Compliance with the Charitylog CRM

How can Charitylog help?

The General Data Protection Regulation came into force in May 2018.

It still applies even though Britain has left the European Union.

It applies to any organisation processing and holding personal data. Personal data is any information related to a natural person, that can be used to directly or indirectly identify the person. It can be anything from a name, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

As a charity, the way in which you handle and process data will be affected by this regulation. Charity GDPR requires:

  • Unambiguous or explicit consent, which may be service-specific
  • Consent to be able to be withdrawn as easily as given
  • Right to view all data
  • Right to be forgotten
  • Right to data in readable format


How can Charitylog help charities with GDPR*?

User Access to Data

You can define the types of data (e.g. personal data such as gender, ethnicity, medical data, financial data) viewable at a user level.

Users only see the information they are entitled to, which may differ by service. There is also a section to display the types of information that is not available to them.

Detailed Consent Recording

Client data'How do I record consent GDPR?'. This is a question asked by many charities, Not for Profits and Community Interest Companies. Detailed consent options are available with Charitylog and information is prominently positioned in one location within the system. As there may be many separate types of consent required, this section expands to accommodate all your needs. Our specialist charity CRM allows you to manage and record consent in terms of:

  • Date of consent
  • The level at which consent is held
  • Consent-related functionality
  • Third party sharing consent (signposts & external referrals)
  • Withdrawal of consent


For external referrals, you can control which consents are needed to refer to any external organisation, record whether the client has given this consent and issue a clear warning if this has not been given. This offers an efficient way to record consent GDPR.

Personal Access to Data

Individuals can easily view the data held on the system via printouts.

Our Print Client Record function allows you to include all the relevant data.

Right to be forgotten

With the Anonymisation function, you can delete any identifiable data, while leaving an identifier so that historical reports are still correct. You can also search for clients where there has been no contact for a defined period.

Data portability

There is a requirement to export the data in a 'commonly used machine-readable format'. CSV, XML, or Excel are acceptable. The Print Client Record feature has a handy Excel export option for this. A user-defined template library will allow predefined fields to be exported. This avoids the need to repeatedly choose the information you need.

Our management database makes charity GDPR* compliance simple.

Request Your Demo Today

* GDPR: UK GDPR (Jan 2021) incorporating DPA 2018