Data protection

Last Updated:
by Adriana Oliveira

The General Data Protection Regulation, or GDPR, is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU residents. It replaced the Data Protection Directive as of 25 May 2018.

You can read all about the GDPR on the EU GDPR or the UK Information Commissioner's Office websites.

As part of Assemble's efforts to ensure your organisation is complying with GDPR in terms of the data you hold for your volunteers on Assemble, we have implemented certain functionalities that we will require you to configure.

One of the key functionalities is the automatic anonymisation of data after the retention period of user data has expired. (This can also be manually initiated.)

But before we talk about this in more detail, let's also define some of the keywords used.

Potential volunteers who applied for an opportunity within the organisation and are still in the recruitment process. They are not a volunteer until they have been cleared to start the role, therefore, don't have access to Assemble.
This is the form that an applicant has filled in. An applicant may have multiple applications that are ongoing or closed.
Cleared applications
Application of applicants that have been successful and have turned into an active role.
Closed application
Application of applicant that has not been cleared due to either applicant being rejected or them withdrawing.
Active user
A volunteer or non-volunteer who has an active role within the organisation.
Inactive user
A volunteer or non-volunteer person who doesn't have an active role within the organisation.
Users and applicants personal details are stored in an encrypted Excel format in what we call "cold storage", once these details have been anonymised it cannot be restored into Assemble.

What gets anonymised

Cleared applications

All personal information in the application that is not related to the applicant is anonymised. Examples could be answers to questions asked as part of the application or details of their referees.

Closed applications

All information.

If the applicant has more than one application, their data won't be anonymised until all the applications are processed.

Inactive users

All information.

Data Protection Officer (DPO) 

Each organisation on Assemble has to enter the details of its Data Protection Officer. This information is then shown to users of your organisation under the My data page which contains important information about how their data is processed.

  Required permission(s)

  • Organisation management: Manage organisation terms and consents