Has anybody got any ideas or best practice examples of how small charities are tackling GDPR compliance? We know we don’t need to appoint a Data Protection Officer mandatorily but are looking at other ways to ensure we’ve adequately covered our data protection responsibilities. Scenario = a board of Trustees with one part-time member of staff. I’m looking for proportionate, practical, affordable and workable answers (a challenge!). Have you found a solution that is working for you? Thank you, Nicola