As a board administrator, you understand how vital the EU’s General Data Protection Regulation (GDPR) is to your clients. They expect you to make safeguarding their data a top priority. From names and phone numbers to dates of birth and email addresses, you handle a vast amount of personal information, and threats to that data never seem far away.
Board members of charities often first encounter GDPR compliance through charity governance training. They aim to remain compliant and raise the alarm when necessary, but they may feel unsure about what to include in a GDPR compliance statement or how to draft one effectively.
Read on to discover the key components of a GDPR compliance statement and use the free template that you can adapt to your organisation’s needs.
What is GDPR Compliance?
The GDPR is a comprehensive set of laws passed by the European Union to help organisations protect the personal data they hold. Organisations must follow the rules set out by the GDPR when they collect, process, and store personal data, or face significant fines.
GDPR compliance is when a company, organisation, or other body complies with the laws and rules created in the GDPR. Compliance is important to avoid penalties and legal issues. It also helps you build trust with your client base. If you aren’t GDPR-compliant, you can face legal problems and large fines.
Organisations typically gain personal data through charity fundraising or online sales. No matter how you received the data, your organisation must protect it. The GDPR provides clear guidelines on how to protect and secure private data.
What Is a GDPR Compliance Statement?
Employees of nonprofits are often familiar with the Charity Governance Code, but they may not know about a GDPR compliance statement. A GDPR compliance statement is a formal declaration by an organisation affirming its commitment to following the rules and regulations set forth by the GDPR.
By outlining an organisation’s approach to data protection, a GDPR compliance statement plays a key role in building public trust. When an organisation lacks such a statement, it signals a failure to comply with regulations and increases the risk of exposing personal data.
Here’s a simple reference table that lays out the key elements of an effective GDPR compliance statement:
| Element | Purpose | Example Content |
| --- | --- | --- |
| Commitment Statement | Shows dedication to GDPR compliance and data protection across the entire business or organisation. | “We are committed to protecting your personal data and complying with GDPR standards.” |
| Lawful Processing | Explains that data is collected and used lawfully, fairly, and transparently. | “We process data only for specified, legitimate purposes.” |
| Data Security | Outlines the specific measures taken to safeguard data. | “We use appropriate technical and organisational measures to protect your sensitive data.” |
| Data Retention | States how long data is preserved and why. | “We retain personal data only as long as necessary to fulfil legal or business needs.” |
| Data Subject Rights | Lists rights of individuals under GDPR. | “Right of access, rectification, erasure, portability, and objection.” |
| Contact Information | Provides a way to exercise rights or ask questions related to GDPR. | “For additional information or to contact a member of our privacy team, please email us at __________.” |
GDPR Compliance Statement Template
Here’s a ready-made GDPR compliance statement template you can copy:
Our Commitment
[Company Name] is committed to protecting the privacy and security of your personal data. We comply with the requirements of the General Data Protection Regulation (GDPR) and uphold the highest standards of transparency and accountability.
How We Process Personal Data
We ensure that personal data is:
- Processed lawfully, fairly, and transparently
- Collected only for specific, explicit, and legitimate purposes
- Limited to what is necessary for those purposes
- Accurate and kept up-to-date
- Retained only for as long as is necessary
- Protected using appropriate technical and organisational measures
Data Security
We implement strong security safeguards to protect personal data against unauthorised access, loss, or misuse. Access to personal data is restricted to those who need it to carry out their duties, and all staff and partners are required to follow strict data protection policies.
Data Retention
We will not keep personal data longer than necessary for the purposes for which it is collected, unless required by law or regulatory obligations. Once data is no longer needed, it will be securely deleted or anonymised.
Data Sharing
We may share personal data with trusted third-party service providers who help us deliver our services. Any sharing is carried out under strict data protection agreements to ensure your information remains secure and is used only for agreed purposes. We do not sell personal data to third parties.
Your Rights Under GDPR
As an individual, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct or update inaccurate or incomplete information.
- Erasure: Request deletion of your personal data when it is no longer needed or is no longer processed lawfully.
- Restriction: Ask us to limit how we use your data in certain cases.
- Portability: Obtain and reuse your data across different services.
- Objection: Object to certain processing, including direct marketing.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent.
Contact Us
If you have any questions about how we handle your personal data, or if you would like to exercise your GDPR rights, please contact us: [Email]
Introducing OnBoard AI
By offering a complete suite of AI-enabled tools, OnBoard AI helps boards streamline their work and save time and money. It leverages AI to help board members make decisions more quickly and offers real-time insights.
AI board meeting software tackles routine tasks, analyses data, and summarises information in a fraction of the time a person could, helping to improve the efficiency of the board and uncovering trends you might not otherwise notice.
OnBoard Powers Modern Boards
When organisations collect personal data, they must take clear steps to safeguard it. The GDPR sets out the rules and regulations that organisations across the EU and the UK must follow to protect the data they hold. A GDPR compliance statement demonstrates to the public that the organisation can be trusted with their information and explains how it intends to protect it.
Not-for-profits may already use charity governance software, but every organisation benefits from AI board meeting software that simplifies daily responsibilities. OnBoard enhances organisational efficiency, helping teams review data, identify trends, and avoid missed insights. The OnBoard AI suite supports analysis and streamlines document production, from drafting meeting minutes to compiling reports.
OnBoard features that strengthen GDPR compliance and data protection include:
- Enterprise-Grade Encryption: Protects sensitive board and personal data at rest and in transit, ensuring compliance with GDPR security requirements.
- Granular Access Controls: Assigns permissions by role, so only authorised users can view, edit, or share confidential information.
- Audit Trails and Activity Logs: Tracks every action taken within the platform, providing the accountability and transparency regulators expect.
- Secure Document Sharing: Distributes agendas, minutes, and compliance reports in a protected environment, reducing the risk of data leaks.
- Automated Compliance Support: Flags potential risks, helps boards stay on top of regulatory obligations, and streamlines policy reviews.
Request your free trial today and see how OnBoard can transform your board’s work.
About The Author

- Darren McCullagh
- Darren McCullagh is Marketing Operations Manager at OnBoard and an experienced B2B SaaS marketer with over eight years in international demand generation, marketing operations, and campaign execution. He specialises in developing and scaling multi-channel programmes across EMEA and APAC, bridging sales and marketing, and enhancing campaign performance. Darren lives in the North West of Ireland.