Charities need to be aware of their obligations under GDPR. This involves reviewing what data you hold and why you hold it. You may need to review how you seek consent to collect personal data, how you store it and how you remove it.
Below is a comprehensive overview of how to retain and review data. This was developed by the Charity Data Protection Working Group, which is made up of Charities of varying sizes that, through services to people, many of them statutory duty services, have responsibility for personal and sensitive data.