Free GoodAgents Academy resource
AI Data Protection Checklist for UK Charities
A practical, GDPR-aligned checklist of what to verify before, during and after using any AI tool with charity data. Includes a 3-tier classification system so staff know in seconds what is safe to share, what needs approval, and what is off limits.
- Pre-deployment, in-use and ongoing checks in one place
- 3-tier data classification staff can actually remember
- UK GDPR + ICO guidance + DPA basics, plain English
- Editable DOCX you can adapt to your charity in an afternoon
Already a member? Sign in here.
Get instant access
Join the GoodAgents Academy free — no credit card. You'll unlock this resource and the full Strategy & Governance library.
“Excellent content delivered exceptionally well.”
Simmi Woodwal
CEO, The Honeypot Children's Charity
Result: A proper foundation, not a one-off workshop
Everything you unlock when you join the Academy
Your free Academy account doesn't just unlock ai data protection checklist. You get the whole Strategy & Governance library plus a preview of every Charity Opportunity and Office Productivity workflow we publish.
Strategy library (full access)
AI Adoption Journey Map, Jargon Buster, and the Trustee Briefing on AI — read in-app or download as DOCX.
Governance library (full access)
AI Policy Template, AI Readiness Survey, Data Protection Checklist and AI Risk Register — adapted for UK charities.
Charity Opportunity Library (preview)
55+ AI prompt packages across fundraising, marketing, operations, governance and HR. Browse every card; upgrade to Pro to copy the full prompts.
Office Productivity (preview)
Multi-tool workflows for monthly planning, inbox triage, meeting prep and more. Works with Copilot, Claude, ChatGPT or Gemini.
Charity profile auto-fill
Save your mission, charity number and key context once — every prompt then personalises automatically.
New resources every month
We publish new templates, prompts and workflows monthly. Free members get them as soon as they ship.
What's inside AI Data Protection Checklist
Pre-deployment checks
What to verify before any new AI tool touches charity data — DPA, sub-processors, data residency, training-data settings.
3-tier data classification
PUBLIC / SENSITIVE / PROHIBITED with worked examples staff recognise from their day-to-day work.
In-use guardrails
What to redact, what to anonymise and what to never paste — with a quick decision flowchart.
Beneficiary data rules
Specific guidance on safeguarding, case notes and personally identifying information about beneficiaries.
Vendor due diligence
A short, charity-sized vendor questionnaire — DPAs, security, incident response, model training opt-out.
Incident response
What to do in the first hour, day and week if data ends up in an AI tool that shouldn't have seen it.
Avoid the common pitfalls
No classification
Without explicit tiers, staff default to "I think this is fine" — and it usually isn't.
Free-tier tools for sensitive data
Using free ChatGPT or Gemini for donor or beneficiary data is the single most common breach pattern we see.
No DPA, no problem?
No Data Processing Agreement = no GDPR compliance. Several popular AI tools still have not signed one with you.
Forgetting transcripts
Auto-generated meeting transcripts often contain safeguarding-sensitive content the chairs never realised was being recorded.
How it works
Sign up free
Create your Academy account in under a minute.
Open the checklist
Read in-app or download the editable DOCX from your members area.
Adapt to your charity
Replace bracketed sections with your tools, roles and data. About 2 hours of work.
Roll out with training
Brief your team — ideally alongside the AI Policy Template and AI Readiness Survey.
Need a Data Protection Impact Assessment too?
Our governance work bundles the policy, checklist and a charity-sized DPIA into a single engagement — board-ready and reviewed by trustees within weeks, not months.
Explore AI Foundations