Training Archives - Support Cambridgeshire

Safeguarding Policy and Procedures

11 April 2025/by Karen Cann

Safeguarding Policy and Procedures

Slide 1 Safeguarding Policies

Hello and welcome to this recording from Support Cambridgeshire.

This recording considers how to create safeguarding policies and procedures It is a starting point and part of a package of tools and guidance available from Support Cambs.

Alongside this recording this transcript includes the links referred to throughout.

Slide 2 – Session Overview

This recording will cover:

Policy or Procedure?
What to consider when developing your policy?
What to include within your policy and procedures?
Plus additional considerations.

Slide 3 – What is a Safeguarding Policy

A safeguarding policy:

Outlines the aims of the policy without specifying how it will be delivered and also includes a commitment to protecting vulnerable individuals from harm, abuse, and exploitation.
Creates a framework and lays out the principles for safeguarding within your organisation.

Slide 4 – What is a Safeguarding Procedure?

A safeguarding procedure is more detailed that the policy and includes a detailed step by step guide that outlines the actions your organisation will take to protect individuals from harm, abuse or neglect. You may choose to combine your policy and procedure documents.

The details and length of your procedures should be relevant to your organisation needs and can include flowcharts, diagrams, and reporting forms to help make the steps easier to follow if that works best for your organisation.

Slide 5 – Why have separate policies for Children and Adult at Risk?

It is recommended that you have separate policies and procedures because:

This issues the 2 groups face are different.
The definitions and terms used differ.
Procedures for reporting abuse and handling cases are not the same.
Different legislation covers each group.

The most importance difference between safeguarding adults and children is the adults right to self-determine. An adult may choose not to act at all to protect themselves and it is only in extreme circumstances that the law will intervene.

If you are a smaller group and choose only to have one document, this should clearly differentiate between children and adults where needed.

For further guidance regarding separate policies please refer to this link

Why Have Different Policies and Procedures for Safeguarding Children and Adults – ACT

Slide 6 – What to consider when writing your policy?

Each organisation is different and there isn’t one size fits all policy. Although templates can provide a quick starting point you will need to consider:

Does the policy reflect how you operate?
Is it in keeping with the size and needs of your organisation.

Think about the language:
- use must and not may
- be reader friendly, clear and easy to understand
- if you use links, they need to be checked regularly

Slide 7 – What should you include in your safeguarding child safeguarding policy?

On the following slides I’ll talk you through each of these key policy elements relating to child safeguarding:

Your aims and commitments regarding safeguarding.
Refer to current legislation.
Outline the scope of the policy.
Give the legal definition of a child or young person.
The definition of child abuse or neglect.
State who is the Designated Safeguarding Lead and how can they be contacted

Slide 8 – Child Safeguarding policy: Aims and commitments

When writing your child safeguarding policy a stated aim might be to protect all children and young persons who come into contact with your organisation from harm, regardless of their age, disability, gender reassignment, race, religion or belief, sex or sexual orientation and the policy could state a commitment to support all committee members, staff and volunteers so that they have an understanding of their role and responsibilities regarding safeguarding. Your policy is an opportunity to reflect your organisations values and culture.

Example wording is shown on the slide (see below)

Aim

Protect all children and young persons who come into contact with our organisation from harm, regardless of their age, disability, gender reassignment, race, religion or belief, sex or sexual orientation.

Commitment

Support all committee members, staff and volunteers in understanding their role and responsibilities regarding safeguarding

Slide 9 – Reference to Current Legislation

You should also include the relevant legislation to demonstrate your awareness of the need for legal compliance. The legislation provides further guidance and clarifies your responsibilities.

In England, child safeguarding legislation is covered by three main acts:

Children Act 1989.
Children Act 2004.
Children and Social Work Act 2017.

Working together to safeguard children is the key statutory guidance for anyone working with children in England.

For more detailed information regarding legislation for safeguarding children please refer to the links below

Child protection system for England | NSPCC Learning

Cambridgeshire & Peterborough Safeguarding Partnership Board

Slide 10– the Scope of the Policy

The scope of the safeguarding policy outlines who it applies to, typically staff, volunteers, and trustees, but consider who else may interact with the children, such as caretakers or contractors.

We recommend also including the paragraph shown on the slide that states that ‘Safeguarding is the responsibility of everyone’, it is a reminder to us all that taking no action is not an option!

Text shown on slide

Safeguarding is everyone’s responsibility

Safeguarding is the responsibility of everyone within

(name of organisation) that includes, committee members,

staff, volunteers and service users. (name of organisation)

recognises that every organisation has a crucial role to play in

the support, identification and reporting of adults who may be at

risk of harm. Doing nothing is never an option.

Slide 11 – Definition of a Child or Young Person

In England, a child is defined as anyone who has not yet reached their 18th birthday, even if a child has reached 16 years of age and is:

Living independently.
In further education.
A member of the armed forces.
In hospital.
In custody in the secure estate.

It is important to remember that even when they are away from home living as an adult, they are still legally children and should be given the same protection and entitlements as any other child and any safeguarding concerns will need to be managed via the safeguarding procedures.

Slide 12 – Definition of Abuse or Neglect

Working Together to Safeguard Children 2018 includes definitions of the four broad categories of abuse:

Physical Abuse.
Emotional Abuse.
Sexual Abuse.
Neglect.

Supporting your staff and volunteers to be able to recognise the signs of child abuse or neglect is a priority.

How much detail you choose to include within your policy for both the definition of abuse and neglect and potential indicators again will be relevant to the size and service your organisation provides.

The template we have available on request provides a brief statement within the policy but with further information being provided within an appendix which you may wish to consider as an option.

Please refer to Recognition of Abuse and Neglect | Cambridgeshire and Peterborough Safeguarding Partnership Board or the NSPCC link within the transcript as both are excellent resources. Understanding child abuse: types, signs, and support | NSPCC

Slide 13– Designated Safeguarding Lead

Name and contact of the Designated Safeguarding Lead (DSL) and deputy.
Name of safeguarding trustee.

Charity trustees have a collective responsibility for safeguarding which includes appointing a Designated Safeguarding lead (and ideally a deputy) and a named trustee to oversee safeguarding.

Slide 14 – What we recommend including in your safeguarding adults at risk policy?

We’ll now go on to look at an Adult at Risk safeguarding policy and procedures

The following slides will consider these key elements:

Your aims and commitments regarding safeguarding.
Reference to current legislation.
Scope of the policy.
Definition of an adult at risk.
Definition of abuse or neglect.
Designated Safeguarding Lead.

Although the points covered are the same to those in the safeguarding children’s policy, there are some significant differences which is why separate policies are recommended.

Slide 15 Adult at risk policy: Aims and Commitments

Just as with child safeguarding the policy should state aims or outcomes and commitment to achieving these. An example for an adult safeguarding policy is shown on the slide (see below):

Aim:
To create a safe and supportive environment where all adults, particularly adults at risk, are protected from harm, abuse, and exploitation.

Commitment:
We will ensure all staff and volunteers attend safeguarding training annually, we will implement robust reporting procedures for suspected abuse and conduct background checks on all those working within our organisation. “

Slide 16 – Reference to Current Legislation (Adults)

Key legislation your policy must reference include The Care Act 2014. The six key principles are shown on the slide (see below) and underpin how organisations should manage adult safeguarding, how you support adults who need care, and ensures that everyone you work with is treated with respect and empowered to make choices about their care.

The 6 key principles should inform your policy and practices for safeguarding adults. If you work with adults at risk it is an essential read prior to developing or reviewing your adult policy.

Text from slide

The Care Act 2014 – Six Key principles:

Empowerment – People are supported and encouraged to make their own decisions and informed consent.

Prevention – It is better to take action before harm occurs.

Proportionality – The least intrusive response appropriate to the risk presented.

Protection – Support and representation for those in greatest need.

Partnership – Services offer local solutions through working closely with their communities. Communities have a part to play in preventing, detecting, and reporting neglect and abuse.

Accountability – Accountability and transparency in delivering safeguarding.

Here is the relevant link to the guidance in this transcript. Safeguarding Adults at Risk Key Legislation and Government Initiatives

Slide 17 – Reference to current legislation

Other key pieces of legislation your policy should reference are:

The Mental Capacity Act 2005 (MCA)

The MCA is the legislation that provides the legal framework for making decisions on behalf of adults who lack capacity to make decisions for themselves.

Making Safeguarding Personal (MSP):

The MCA outlines how to assess capacity, make decisions in the best interests of those who lack capacity, and the legal obligations of those acting on behalf of others.

Making Safeguarding Personal MSP is ensuring that safeguarding work is done with the person concerned and not to the person concerned. This again needs to be reflected within your procedure.

For more detail please refer to. Cambridgeshire and Peterborough Multi-Agency Safeguarding Policy | Cambridgeshire and Peterborough Safeguarding Partnership Board (safeguardingcambspeterborough.org.uk)

Slide 18 Scope of the adult at risk policy

The scope of the safeguarding policy outlines who it applies to, typically staff, volunteers, and trustees, but consider who else may interact with the person at risk of abuse.

Slide 19– Definition of an Adult at Risk

An adult at risk of abuse

Has needs for care and support (whether or not the local authority is meeting any of those needs).
Is experiencing, or at risk of, abuse or neglect.
As a result of those care and support needs is unable to protect themselves from the risk of, or the experience of abuse or neglect.

Slide 20 – Adult Definition of Abuse

The Care Act guidance lists the following types of abuse:

Physical abuse.
Domestic violence.
Sexual abuse.
Psychological abuse.
Financial or material abuse.
Modern slavery.
Discriminatory abuse.
Organisational abuse.
Neglect and acts of omission.
Self-neglect.

Recognising abuse is the first step toward following safeguarding procedures, ensuring appropriate action is taken to protect individuals. Understanding potential indicators—like changes in behaviour, unexplained injuries, or withdrawal can help to stop abuse. The details you include within your policy regarding abuse and signs or indicators is down to each organisation but again can reinforce your safeguarding commitment.

Slide 21- Designated safeguarding lead

As with the Child Safeguarding Policy, the Adult Safeguarding policy should give the name and contact details of the Designated Safeguarding Lead and their deputy and the name of the trustee who takes a particular interest in safeguarding and ensures it is considered in all relevant trustee decisions.

Slide 22 – What to include within your safeguarding procedures?

This slide provides some guidance to help you address the key points of a safeguarding procedure, whether it’s for children or adults.

How to recognise the signs of abuse and neglect.
How to respond appropriately.
How, when and what to record.
How, when and where to report.
Managing an allegation against a staff member or volunteer.
Information sharing.
Reviewing safeguarding practises.
Annual review of policy.

While the overarching points are similar, the way you manage processes for children and adults will differ. This difference should be reflected in the specific wording and approach outlined in your child and adult safeguarding procedure.

Slide 23 – Additional considerations

We’ve now completed our review of what you should include in your adult or child safeguarding policy and procedures. But there are additional points that need to be considered and you should check whether the following are covered within other policies and if not, consider if they are relevant for your organisation

On-line safety and use of social media
Whistleblowing
Events and outings
Record keeping and retention
Safer recruitment
Prevent
Missing child
Uncollected child
Mobile phones and cameras
Anti bullying

If you need help addressing any of these please contact us.

Slide 24– Next Steps

You might now want to take some time to read the useful links provided with the transcript, review your current practises and see what works well or could be improved.
Ensure your policy is easy to read for anyone who needs to understand it, and you might want to consider testing a draught policy with a small group to identify any unclear sections.
You also need to think about how your policies and procedures are communicated and whether people need training to ensure they understand and can follow them clearly.

Slide 25 – Thank You

If you would like more individual support, further guidance, a policy review or draft templates please contact us Info@supportcambrigdeshire.org.uk

Remember we are here to help!

Guidance links

For a copy of our safeguarding templates please contact us at info@supportcambridgeshire.org.uk

Slide 5

Why Have Different Policies and Procedures for Safeguarding Children and Adults – ACT

Slide9

Child protection system for England | NSPCC Learning

Cambridgeshire & Peterborough Safeguarding Partnership Board

Slide 12

Recognition of Abuse and Neglect | Cambridgeshire and Peterborough Safeguarding Partnership Board

Understanding child abuse: types, signs, and support | NSPCC

Slide 16

Safeguarding Adults at Risk Key Legislation and Government Initiatives

Slide 17

Cambridgeshire and Peterborough Multi-Agency Safeguarding Policy | Cambridgeshire and Peterborough Safeguarding Partnership Board (safeguardingcambspeterborough.org.uk)

Health and Safety

18 March 2025/by Karen Cann

Writing a Health and Safety Policy
Risk Assessment Made Simple
Running a Safe Event

CCVS guide to Writing a Health and Safety Policy

So coming up, we’ll start with the purpose of a safety policy and why it is needed, before looking closely at the three elements that form the content.

The Purpose

Let’s begin then with the Purpose.

A safety policy should be a working document. It should set out your organisation’s general approach to health and safety; and explain how you will manage health and safety in your group, charity or social enterprise.

And that’s it you don’t need to include pages of small print about noise, trips and falls, manual handling and so on… These are all matters that should be dealt with separately in a risk assessment.

But why is it needed?

Having an effective safety policy is a sign of a healthy organisation. It makes clear who is responsible for safety and what this actually involves.

And for organisations that employ staff, it is also the law.

But even if you are, volunteer-only, it is good practice to have a written safety policy

It shows that you plan, check and act on safety matters; and in particular, it demonstrates a positive attitude towards health and safety.

A safety policy may also be a requirement of certain funders.

So clearly, it is an important document. But what about the policy’s content… There are three main elements…starting with

The Statement

Quite simply, this is just a few lines committing the organisation to looking after the health, safety and welfare of its people; and meeting its health and safety duties.

Roles and responsibilities

Next are roles and responsibilities. Firstly, you need someone with overall and final responsibility for health and safety, such as your trustee board; and then someone with day-to-day responsibility such as your chief officer.

You also need to name those with any specific safety roles, such as undertaking risk assessment, monitoring safety controls, dealing with problems, and supervising team members.

You should also set out the responsibility of your staff and/or volunteers to work safely, attend safety training, and report concerns.

Safety arrangements

So what about your safety arrangements? Well, these should cover the actions, processes and procedures you will follow to manage health and safety.

This should include arrangements for conducting risk assessments, such as when and where they are needed, and how often they are carried out.

Other arrangements should cover how and when your team will be consulted on safety matters, your first aid arrangements, safety training, reporting incidents, and your emergency evacuation procedure.

Finally, the arrangements should also name your competent health and safety adviser. This is either an internal or external person who understands the safety issues you face and is experienced in safety matters.

Now, to help you, there are links to a template for a safety policy in the accompanying transcript of this presentation.

But let’s just sum up…

Keep it simple. Start your policy with an opening statement of intent, followed by a list of roles and responsibilities; and finally, a page or two setting out your arrangements. This is all you really need.

Thank you

Video Transcript was produced for CCVS by Green Pepper Consulting

Guidance links

CCVS Guide to Risk Assessment Made Simple

Hello, my name is David Green from Green Pepper Consulting; and in this short training presentation, one of a series from Cambridge CCVS, I will be looking at how we should conduct a safety risk assessment. Let’s begin…

Risk assessment involves identifying hazards, evaluating the risk they pose, and implementing measures to control or remove the risk. There are five steps to the process, so coming up we will look at each of the steps in turn.

What is a hazard?

But first, what exactly do we mean by a hazard?

Well, a hazard is anything that can cause harm.

This might be something that can harm a person’s physical health. Or something that can harm mental health, such as stress.

Why assess risk?

It is perhaps obvious, but to clarify, we assess risk to:

understand what safety measures are needed
help prevent accidents and occupational diseases
meet our legal duties

Risk assessment is a requirement of many safety regulations; and is a key aspect of health and safety management.

What’s more, a failure to assess risk might result in injury or illness to someone, leaving the organisation open to compensation claims and even prosecution.

To help you with the risk assessment process, there are links in the accompanying transcript of this video to a safety inspection checklist and to a risk assessment form.

Ok, Let’s now look at:

Step one of risk assessment – identifying the hazards

You do this by inspecting the workplace, ideally, with a staff rep or colleague, and then by speaking to your staff and volunteers – about their work.

We want to find out about different tasks, the equipment, the methods they use, and the environment in which they work. By looking at the workplace and speaking to your team at work, you can identify any hazards that they may face.

You will need to look for anything that might cause harm, something for example that could cause a trip, slip or fall. There could be manual handling hazards, objects stacked up high that could topple over, chemicals, noise, risk of violence and so on.

Because hazards can differ so widely, sometimes it helps to use a safety inspection checklist when looking around your workplace.

For those who work remotely, such as lone workers and home workers, it may not be possible to inspect how they work. But by discussing working methods with the individuals concerned, prompting and asking them about their safety concerns, you can together work out the likely hazards.

Step two of risk assessment – decide who might be harmed, and how

Step two of risk assessment considers who might be harmed, and how…

Look for anyone who could be harmed by the hazards you identify and how this could happen, including when and where.
Those affected might include members of your team, whether staff or volunteers, including homeworkers, and lone workers. Also your beneficiaries and other visitors to the workplace.

Think also about any special groups who might be more vulnerable to particular harm and may need additional support, such as new or expectant mothers, or people with disabilities.

It might also include those who may have communication difficulties, such as people who don’t have English as a first language.

Once you know who can be harmed, decide how and when it could happen.

Together, the who, how, and when, will give you the likelihood of something causing harm.

Step three – evaluate the risk and introduce safety control measures

Step three has two parts. Firstly to evaluate the risk; and secondly, to introduce safety control measures.

We evaluate risk by combining the likelihood of the hazard, which we have worked out from step two, with the severity of the hazard.

But what if we need to find out more about the hazard before deciding how severe or dangerous it can be?

We can do this by looking up the hazard on the Health and Safety Executive website; and then consulting the manufacturer’s handbook, data sheet or their own website.

So something that has a high degree of severity, and a moderate to high likelihood of occurring, would be a high-risk hazard.

Once you have evaluated a hazard; you can put in place safety control measures.

Always consider the most effective measure first. Your starting point should always be to try and remove the risk altogether. (For example, although you could warn people about a slippery surface, the best remedy would be to remove the slippery surface and replace it with a safe one).

If this isn’t possible then see if there is some less risky way of doing the same thing, for example using a different technique or with different equipment or substances.

Other measures might be to reduce access to the risk (such as cutting the time someone is exposed to the risk, or perhaps using a smaller pool of people). Or to use personal protective equipment.

Finally, make sure your team is trained on how to use your control measures, and that they receive clear instructions on how to mitigate the risk. It’s very important they understand the nature of the risk, and why the control measures are necessary.

Step four – record your findings

We now come to Step four which is to record your findings. One of the simplest ways is in the form of a table. This is the information you will want to record…

the hazard
who might be harmed
how they might be harmed
current control measures
any new control measures needed
who is responsible (for action)

Step five – monitor and review your risk assessment

The final and fifth step is to monitor and review your risk assessment. This will involve periodically checking that the control measures you have implemented are being used properly and that they are effective.

Any shortfalls should prompt a review of the risk assessment; and possibly result in new control measures (or better management of the ones you already have in place); and perhaps better training.

You should also review your risk assessment if there is an accident, or if new information about the hazard or activity becomes available.

So we are almost to the end of this video. Contact information and details of other training videos in this series follow.

Summary of the risk assessment process

identify the hazards
decide who might be harmed and how
evaluate and control the risk
record your findings
monitor and review

Thank you for watching.

Video Transcript was produced for CCVS by Green Pepper Consulting

Guidance links

CCVS Guide to Running a Safe Event

Hello, my name is David Green from Green Pepper Consulting; and in this short training
presentation I will be looking at how an event can be run safely.

Indeed, whenever you organise an event; you have a duty of care to those who attend. So
clearly you will want to avoid accidents or incidents that could cause harm to individuals.
The following explains what you need to do.

OK, This is what we’re going to cover…, We’ll start with the pre-event considerations, then
look at safety plans, followed by risk assessment, and finally, managing an event.
So lets begin with the pre-event considerations.

Pre-event considerations
Firstly, you should make someone have overall responsibility for the event’s safety.
Next, make a list of who will need consulting, such as the venue, your event partners and the
active participants. These could be performers, players, speakers, exhibitors etc.

If using contractors for any aspect, such as setting-up, lighting, catering, for example, make
sure they are safe and competent. Ask to see risk assessments and check references.
Alongside all of the above, check your organisation’s safety policy to ensure that you are
following your stated safety arrangements and responsibilities.
And finally, draw up an event safety plan.

This is a key step and we shall cover this next.

So what goes into a safety plan?
A key step in planning a safe event is to consult with those who will be involved.
As we have seen, this will include your team, the venue, any partner organisations and
active participants.

Consulting is important to identify the expected roles of those involved, the activities that will
take place at the event; and to find out about possible hazards and the risk assessments that
will be needed.

If you can, visit and inspect the venue as this can inform many aspects of your safety plan.
Next, sketch or obtain a site layout, even if your event is outdoors. This can help you decide
who goes where, the maximum numbers of attendees, and consider the entry and exit
routes etc.

Then assign someone to carry out risk assessments; and check those risk assessments
already supplied by the participants and others. Where gaps are identified, new risk
assessments should be undertaken.

The goal is to make sure everyone knows what safety measures are needed when the event
starts. There will be more on this topic later in the video.

While considering hazards, it is wise to consider contingencies in the case of severe
weather. Outdoor events are more prone to problems, but indoor ones can also suffer,
especially when approaches to buildings are slippery, or when hot weather is making venues
uncomfortable.

So assess poor wintery conditions, or hot summer days in the same way you would as any
other hazard; and plan your response.

Regardless of the size of your event, you should include a crowd or people management
plan. For bigger events youmay also need to include traffic management.

You will also want to ensure, if necessary, that you can contact key people during the
event…so prepare a contact list; and know where they will be if you need them.

A good way to ensure things run smoothly is to appoint members of your team as stewards,
and brief them on what they will need to do. This will include people management, ensuring
safety controls are followed, reporting problems and dealing with accidents.

A very important part of the planning process is to know how to deal with emergencies. You
need to ensure that there are clearly marked fire exits, and that your team of stewards know
what to do if the worst happens. You should also nominate a person to call the emergency
services.

Finally, your safety plan should also include arranging insurance if your existing insurance
does not extend to events. And don’t forget to check information about facilities such as
drinking water, toilets and anything else the venue can provide to help with wellbeing.
Where the venue can’t provide such things, you may have to use contractors so don’t leave
arranging these until the last minute.

Here then is a short summary of what goes into a safety plan.
• consultation
• layout of venue
• risk assessment
• weather contingencies
• people/traffic management
• contact list
• stewards
• emergency procedure
• insurance
• and facilities

Risk assessment
We now come to risk assessment.
This will form a vital part of your safety plan; and the results of your risk assessments will
decide how your event can be run.
The process involves assessing all foreseeable risks, whether they be from the activities of
your organisation, the active participants, your chosen venue, or even the public.

So as well as your own risk assessments, you will need to consider any risk assessments
provided by the venue, exhibitors, performers, stall holders, speakers, contractors or
whatever other organisations are involved.

It is from these risk assessments that you can take steps to avoid or control any safety risks
that are presented by your event.

But what does a risk assessment involve…? Well, there are five steps involved in risk
assessment…
1. Identify the hazard(s)
2. Decide who might be harmed, and how
3. Evaluate and control the risk(s)
4. Record your findings
5. Monitor your safety measures, and review them if needed
For more detail on risk assessment, please see our separate training video, Risk
Assessment Made Simple.

Managing an event
The final topic is “managing your event” from a safety perspective….
There are a number of considerations.

Firstly, before the event starts ensure that health and safety is covered in an induction for
stewards and the active participants so that everyone understands their role, including what
to do if there is an accident.

Next, check that safety measures are in place.

Thirdly, make sure there are signs and notices to help enforce health and safety.
Also, ensure that stewards and active participants are aware of the emergency procedure;
and understand what they would have to do, should an emergency arise.

Ensure that stewards can guide people so they can move safely into, during and out of the
event. This people management should be in your safety plan. Good signage to car parking
may also be needed.

During the event, monitor safety measures during the event as it progresses, and be ready
to act on a problem.

Finally, check-in with stewards during the event, so keep close at hand your list of key
contacts and your safety plan.

Once the event finishes, do another inspection to check any taking down of equipment is
following correct procedures; and that the venue is left in good order.

Then debrief your team, and learn any lessons for next time.

Well, that’s all our topics covered. So before I finish, let’s have a very brief summary of what
it takes to run a safe event…
Consult all those who will be involved
Draw up a safety plan
Assess risks and implement safety measures
Raise awareness of the safety plan so everyone knows who is responsible for what
particular actions
And finally: Monitor safety as the event progresses.
….Thank you for listening.

Data Protection

10 March 2025/by Karen Cann

What You Need To Know
What You Need To Do
Writing a Privacy Notice

Data Protection Part 1: What You Need To Know

Welcome.

This is a short training video from Support Cambridgeshire, the first in a series on data protection.

We’re looking at the essentials of data protection law. In other words, what you need to know.

Let’s see what we’re going to cover. We’ll begin with a short look at why privacy matters, and then we’ll move to the principles behind data protection which are set out in law. Then we’ll look at the lawful reasons for which you can process personal data. Finally, we’ll finish off this video with a look at individual data protection rights.

But before we begin, let’s remind ourselves what we mean by personal data.

What we mean by personal data

Personal data is any piece of information, including a photograph, from which an individual can be identified. So name, address, payroll number, or bank account number, for example, are all forms of personal data. But things like hair colour, shoe size, town of birth are not personal data because on their own, none of these things can identify a single individual.

Of course, when you combine certain data, such as a person’s race with their name, for example, then both would be classed as personal data.

Learn more about Key Data Protection Terms.

Why privacy matters

Okay, so why should we be bothered about privacy? Isn’t it just common sense?

Well, it’s much more than that. We all have a right to privacy, and if that right is broken, then the consequences can be severe. For example, the release of personal data about health conditions or perhaps trade union membership could result in discrimination or even dismissal by an employer. Of course, criminals use personal data for identity theft and fraud, blackmail, ransom, and other threats.

But failing to respect privacy can damage voluntary organisations as well. For a charity, it can lead to bad publicity, damage to reputation, loss of support and funding, fines, and the extra costs of putting things right.

That’s why we have data protection laws, namely the UK GDPR, which is how it’s known following Brexit, and the 2018 Data Protection Act. But what do these laws say?

The principles behind data protection

Helpfully, the UK GDPR sets out a number of principles by which personal data must be processed. Follow these, and you shouldn’t get into trouble with the law.

The first principle is that you must have a lawful reason or basis for your processing. There are six of these which we shall look at later.

Next, you can only use the data for the purpose it was collected. For example, you can’t use someone’s details for sending them funding requests if you’ve only said you will use it to provide a particular service.

The third principle says you must only collect and process data that is necessary, so no asking for a postal address if you only ever intend to email someone.

The fourth principle is that the data you process must be accurate. This means you must take reasonable steps to keep it up to date.

Fifth, it should be kept for no longer than is actually necessary. Once it’s not needed, it should be deleted.

And six, it must be secure. This means you need good cyber and physical security for the data.

Finally, the seventh principle says you are accountable for how you handle data, so you need to make sure you can demonstrate compliance with the law.

Now, as we’ve seen, the first principle of data protection is that you can only process data for a lawful reason.

Lawful reasons on which data can be processed

Let’s just look at the six lawful reasons, sometimes called bases, on which data can be processed.

The first reason or lawful basis for processing personal data is consent. To be valid, this consent must be freely given by clear, affirmative action for each processing reason.

There can be no generic or bundled up consents and no pre-tick boxes for someone to untick. Finally, it must be easy to opt out, withdrawing or revoking consent at any time.

The next lawful reason for processing is contractual. This is where we process data with a view to entering into or operating a contract. Processing personal details, such as in a quote for some work is a contractual reason for data processing.

We now come to legitimate interest. This is a useful reason to have for data processing because it’s so flexible. However, the small print says that your interest must not override the privacy interests of the individual, so the processing has to be something transparent that the data subject would expect. A business interest, for example, can be a legitimate interest if it is clear and expected. A good example might be processing the names of individuals who have applied to attend a training course. Clearly, you can’t process applications without collecting names. Anyone who signs up would expect you to do this, so there is no hidden processing or undermining of an individual’s privacy.

The fourth of our six reasons is legal obligation. This is where you are required to process the data by law. For example, an employer has a legal duty to collect income tax through Pay As You Earn, which clearly requires the processing of personal data.

The next reason is vital interest. It applies in very limited circumstances, specifically when there is a risk to life.

The sixth and final lawful reason applies to public authorities and elected officials, such as a councillor or member of parliament. Here, personal data can be processed lawfully, specifically in order to provide a service or to perform a public task.

Individual legal rights

The next part of this video involves looking at the individual legal rights people have on how their data is processed, all of which are enforced by a regulator, the ICO, (Information Commissioner’s Office).

So what are these rights?

Top of the list is the right to be informed about how and why your data is processed. This is usually set out in a privacy notice which must be provided at the point that personal data is collected. We cover privacy notices in the third video in this series.

You also have a right to access your personal data that an organisation is processing. This is enacted through a “subject access request”.

Next, you have a right to have errors rectified once the organisation has been made aware of the error.

And you have a right to restrict processing. This limits how data can be used and usually applies when the accuracy of data is contested or while an objection to data processing is being considered, which leads nicely into your specific right to object to processing in certain circumstances. For example, if you object to your data being used for direct marketing, or if you question why an organisation is relying upon their legitimate interest as the lawful reason for the data processing.

You also have a right to be forgotten, that is to have data erased when data is no longer needed. For example, if the data is historical or if you have withdrawn consent for processing.

Perhaps not used quite so often is a right to data portability, which allows you to reuse your data for your own purposes across different services. This is how, for example, insurance comparison sites work.

Finally, you have certain rights in relation to high volume automated processing and profiling. This is something used to evaluate an individual based on their personal data and decide, for example, what products they may like to buy.

Okay, that’s all we’re covering in this video, so let’s quickly recap.

To protect privacy, you should comply with the seven data protection principles, which includes processing data securely and being accountable for what you do. You should always have a lawful basis for every data processing operation. Finally, you should uphold the data protection rights of individuals, which, among other things, means providing privacy information.

For practical advice on compliance with the law, please look out for the other titles in this Data Protection Series.

And to learn more about the areas we have covered in this video, please refer to the ICO website.

Guidance links:

Data Protection Part 2: What You Need To Do

Welcome.

This is the second short training video produced by Support Cambridgeshire in a series on data protection. In this one, we’ll be looking in particular at the key steps you should take to comply with data protection law.

But first, here is a very short recap on what we covered in video one.

Video one highlighted the seven principles of data protection that underpin the law. One of these is that you must have a lawful reason to carry out your processing. There are six lawful reasons, including consent, entering into a contract and legitimate interest. We ended the first video explaining that individuals have a range of legal rights, including the right to be informed and to have access to the data you hold on them.

With these things in mind, what are we going to cover in this video? Firstly, we’ll begin with what you’re allowed to do with other people’s personal data. Then we’ll look at what steps you must take to comply with the law and so meet your legal duties. This will include looking at data audits, privacy notices, data protection policies, and staying accountable. Finally, we’ll finish with a look at the vital subject of data security.

Other people’s personal data

Let’s look at what you’re allowed to do with personal data. The answer may surprise you. If you stick to certain requirements, in other words, the data protection principles and respecting an individual’s data protection rights, you can do almost anything with someone’s personal data.

This includes processing their data without consent, because consent is just one of six legal reasons for processing data. Profile someone and target specific individuals. Share data, including that of a personal nature such as to do with health, criminal records or a protected characteristic. Sell data, refuse someone a job or even prescribe someone (in other words, bar or prohibit someone from something).

Remember, though, the data protection principles are strict, and they include having a legal reason for processing data and only processing data for the purpose it is collected.

Complying with the law

This looks at what you must do as an organisation to comply with the law.

The place to start is with a data audit. To make sure you comply with the law, you first need to understand all the different types of data you are collecting. So carry out a data audit to find out what is collected, how, why and when you do this. Also, look at what you actually do with the data, including who, if anyone, it is shared with and how it is stored.

The importance of auditing your processing operations cannot be understated because it will inform your future data processing arrangements. For example, the audit allows you to decide the legal reason for each of your processing operations and to identify any associated privacy risks.

Once the audit is complete, you can also use it to produce a privacy notice. This is used to tell people whose data you are processing, why you need their data, and what you’re doing with it. In this way, you’ll be meeting an individual’s right to be informed.

Your privacy notice must include certain required information as set out by the Information Commissioner’s Office, the Data Protection Regulator. One of these is the lawful reasons by which you are processing data, but others include how your data is stored and who has overall responsibility for data protection in the organisation. Privacy information must also be made available at the time data is collected. You will need to think about your data collection methods and how your privacy notice can be made available to individuals. Again, your data audit should help with this.

Given the importance of privacy notices, we have devoted the third video of our data protection series to this topic. Please view the video to find out how you write a privacy notice for the data you process.

General data protection policy

Alongside your privacy notice, you also need to have a general data protection policy.

This will explain how you meet other aspects of data protection law and good practice. It’s all about showing that you are accountable, trustworthy, and transparent.

So what does a data protection policy look like? It should start by setting out your commitment to protecting privacy and the levels of responsibility for data protection within your organisation. This includes stating who is in overall charge of data processing. It should then go on to cover all your arrangements for compliance with the law. The arrangements should cover things like your data processing audit, your data security, your data sharing arrangements, and clear procedures for dealing with data breaches, requests, or complaints connected to individual rights.

To help you develop a suitable policy, a template is available from Support Cambridgeshire. In addition, the NCVO have produced some guidelines for writing a data protection policy, and the link to the relevant page on their website cab be found in the guidance links below.

You need to account for your actions when you process personal data and show that you are complying with the law. Indeed, this is one of the seven principles of data protection. Keep good records, make sure your data protection policy is fit for purpose, and that the arrangements it describes are working properly. Make sure your team is fully trained on how to process data securely and that they know how to recognise cyber attacks like phishing.

As I explained in the first video of this series, consent, when used as a lawful reason for processing, must be given freely and it must be possible to withdraw the consent at any time, something that must be made clear when consent is given. When it comes to email marketing circulars and e-newsletters, obtaining consent is the only legal route you have.

Indeed, an individual must consent to be placed on the marketing mailing list, and they must be able to withdraw that consent at any time. This means including an “unsubscribe” notice, or preferably an “unsubscribe” button on every email or newsletter.

However, an upcoming change in the law will allow charities and voluntary groups to apply what is called the soft opt-in in certain circumstances. This means that direct consent will not necessarily be required. More information can be found in the guidance links below.

Data security

Keeping your data safe, both physically and electronically, is absolutely essential, so you must train your staff and/or volunteers in data security. In fact, you can be fined quite heavily if you fail to protect your data from hackers and thieves, even though you, as an organisation, will have been the victim of a crime.

So make sure that you: one, control access to data who and where with robust passwords and two-factor authentication of users. Two, regularly back up your data. Three, ensure physical security… The doors, locks, lighting, CCTV, etc. Four, ensure safe disposal of data waste. Five, control the use of laptops and other mobile devices with encryption, passwords, antivirus software, etc. Six, keep software and operating systems up to date. And seven, develop a cyber incident plan so you are ready to deal with any problems if they arise.

Summary

Okay, we’re almost at the end of this video, so let me sum up.

As long as you have a lawful reason for your processing and can meet all the other data processing principles, then you can process data for all sorts of reasons. But to stay within these principles, you must comply with the law. To do this, you need to know what data you are processing and why, and what exactly you will do with it.

This is where a data audit helps. You should also have policies and procedures setting out who is responsible for what aspects of data protection and the different arrangements you have in place for legal compliance. Key among these is the need to provide privacy information at the time data is collected.

So use the videos and other resources from Support Cambridgeshire and then complete a data audit. Do this and you’ll find that data protection compliance becomes straightforward.

For further information, please refer to the Information Commission’s website and see guidance links below for information on: key data protection terms, who needs to register with the Information Commission’s office, dealing with freedom of information and subject access requests, and the soft opt-in for sending out marketing emails.

That is the end of this video, so thank you for watching..

Guidance Links:

Key Data Protection Terms

Who needs to register with the ICO

Freedom of Information

Subject Access Requests

The soft “opt-in”

Guidance on direct marketing using electronic mail

Privacy notice generator tool

Writing a data protection policy and procedures

Guidance on AI and data protection

AI risk toolkit

Data Protection Part 3: Writing a Privacy Notice

This is part three of a series produced by Support Cambridgeshire on Data Protection. In this video, we are looking at writing your privacy notice.

Let’s see what we’re going to cover.

We will start by looking at why you need a privacy notice. Then consider where to start. Next, we’ll look at the very important content of a privacy notice. Lastly, we’ll look at making your privacy notice available to people.

Why you need a privacy notice

So why is it needed? A privacy notice is a statement that tells someone how and why you will be using their personal data. Essentially, it’s a tool to help you comply with the transparency obligations of the UK General Data Protection Regulation, commonly known as the UK GDPR. Because of this law, individuals have a right to be informed, and to comply, you must provide privacy information that tells individuals about your data processing in a way that is easily accessible and easy to understand.

Where do you start?

To provide individuals with privacy information, begin by checking your data audit. If you don’t have a data audit, then carry one out to find out about your processing activities. This means looking at each data processing operation in your organisation and deciding what you are processing, why you’re doing it, where and when, the lawful reason that allows your processing to go ahead and who the data is shared with, how it is stored, and so on.

By doing the data audit, you will have all the information you need to get started on a privacy notice.

What about the content?

Exactly what should go into a privacy notice is set out by the Information Commissioner’s office. This is the UK regulator responsible for data protection.

Your privacy notice should include the following: what personal data you use such as name, address, telephone number, and email addresses; why you use it, in other words, what you need it for; how you use it; who, if anyone, it is shared with, such as another organisation or agency; How long you will keep it. It should also provide the lawful basis for your processing, for example, this might be consent; the name and contact details of your organisation; the rights of individuals, and how to complain.

There may also be some other things that should be included, but only if they apply to your processing. These are, if not obtained from the individual, then the source of someone’s personal data; your legitimate interests for the processing. This only applies if you rely on legitimate interest as a lawful basis. The right to withdraw consent. Again, this only applies if consent is your lawful basis for processing.

Making your privacy notice available

But how should you go about providing privacy information? How and when do you make your privacy notice available?

Firstly, it must be provided at the time personal data is collected. This means it can be provided in person or if a link is given, then to a website. But remember, putting your privacy notice on a website is only going to reach those people who look at that particular website. It must also be in a concise accessible format using plain language, so keep it short and jargon free. Remember also that you don’t have to overwhelm someone with privacy information, so you can make it available in layers or parts to suit your audience. You can also use handouts, clearly visible footnotes, dashboards, icons, and banners as as needed.

Summary

A privacy notice is essential to meet your transparency obligations and should provide information about how and why you process someone’s data. There are certain pieces of information that you are required to provide, and it must be given at the time that personal data is collected. Finally, it must be clear, accessible, and free of jargon.

For further information, please refer to the Information Commissioner’s website. This includes under the section on “advice for small organisations”, a privacy notice generator tool. And a sample of a privacy notice generated by this tool is also available from Support Cambridgeshire.

Finally, there is a transcript that accompanies this video with links to additional information on key data protection terms, who needs to register with the Information Commissioner’s office, dealing with freedom of information and subject access requests, and the soft opt-in for email marketing newsletters.

Guidance Links:

Key Data Protection Terms

Who needs to register with the ICO

Freedom of Information

Subject Access Requests

The soft “opt-in”

Guidance on direct marketing

Privacy notice generator tool

Writing a data protection policy and procedures

AI and data protection

AI risk toolkit

Fundraising basics for small voluntary groups and charities

14 January 2025/by Karen Cann

Fundraising basics for small voluntary groups and charities

Slide 1

Hello and welcome to this recording from Support Cambridgeshire. This training introduces the basics around fundraising that any group should consider.

You’ll find the guidance links to all the materials mentioned in this recording at the end of the accompanying transcript.
This recording focuses on fundraising through encouraging donations and contributions to activities and events. If you want to find out more about applying for grant funding we have another recording you can look at called Funding Application Tips and you can also look at our Support Cambridgeshire 4 Community funding database available for free on our website which gives information about funds for not for profits in Cambridgeshire.

Slide 2

Fundraising provides vital unrestricted income for small charities. Unlike most grant or contract funding, it is not usually ring fenced for a particular purpose and can be used to cover essential costs that support the delivery of the group’s mission or build reserves that can be used at the discretion of the trustees to build sustainability.

However, with changing economic conditions and new trends in donor expectations, staying effective means adapting and refining your fundraising approach. In this session we’ll look at some key fundraising trends , explore a basic fundraising strategy, discuss building a supporter base, highlight the importance of a strong case for support, touch on the fundraising mix, and finally, outline some tips for planning your fundraising activities.

Slide 3

Key Fundraising Trends include

The need to focus on donors from all age groups although older donors remain important for regular donations and legacies, younger donors are more likely to engage in events and in fundraising volunteering
Digital Fundraising continues to be important despite the return and growing popularity of in person events. Digital fundraising includes donations made through websites and giving platforms as well as social media and email marketing. Mobile-friendly giving is key with more people than ever browsing and donating through mobile devices. Areas of focus include:
- Livestream fundraising – this has been steadily growing on platforms such a Twitch involving people making donations while watching others play online games
- In person events using digital fundraising tools have also been growing in popularity. Both those centred around socialising such as quizzes and coffee mornings and exercise challenges such as fun runs.
The need for greater transparency in relationships with donors: Donors want to know exactly where their money is going. They want to see impact through storytelling, social proof, and real-time updates. The most popular causes continue to be health, children and animals with most individuals supporting 2 or 3 causes
Opportunities for Corporate Partnerships: Businesses are increasingly looking to align with social causes both to appeal to the values of their staff and to deliver on their social responsibility commitments.
Environmentally conscious campaigns appeal to many donors, especially younger ones, but groups need to ensure they make this alignment with integrity and avoid green washing.

Slide 4

Fundraising insights

Given these trends what sorts of things could you do to improve fundraising success?

Set fundraising targets and developing fundraising strategies to meet these targets
Diversify sources of income
Manage data to gain an understanding of your supporters and their patterns of giving behaviour.
Make use of AI’s potential to utilise data to anticipate supporter need, predict behaviours and improve efficiency. As well as using free AI packages to help generate resources.

Slide 5

A Basic Fundraising Strategy

A fundraising strategy is essentially a roadmap to achieve your funding goals over the next few years. Creating a strategy doesn’t have to be complex:

Start by reviewing where you are now with your fundraising:
1. How much did you raise in the last couple of years? Which of your activities and events were most successful in raising funds?
2. Who are your existing supporters and how do they support you? Include those that give you their time and in-kind support to help raise funds as well as direct financial contributions. Are your supporters’ individuals in your local community, small businesses, specific groups with a passion for your cause or some other group? Think about what you know about your supporters and how you can build a closer relationship with them.
3. What is the environment you are operating in? Do you have competitors for funding? What are the likely barriers to supporter engagement? For example, cost of living increases or demographic change.
Set your goals: Define how much money you need to raise over a particular period and why. If you have a business plan this should be reflected here. Be specific – knowing your exact funding requirements and purposes will make it easier to communicate this to supporters.
Select Fundraising Methods: Choose the tactics that best fit your resources and audience, we’ll discuss this further when we look at the fundraising mix.
Allocate Resources: Who can you involve and how, what budget can you afford to allocate?
Finally, continually monitor your efforts, and don’t hesitate to adjust your tactics based on what works and what doesn’t.

Slide 6

Developing a Supporter Base

For small charities, a cohort of loyal supporters can be more valuable than simply aiming to grow your number of supporters. Loyalty is developed by creating relationships. Here are some points to consider:

Keep in touch: Send out regular updates and stories via social media, emails, and newsletters to help build your community around your cause. The most effective messaging will outline the positive difference their support has made to your beneficiaries.

Show appreciation: Thank your donors so that they know their contributions matter and are valued.

Find ways to engage people: Not everyone can give money, so consider ways they can volunteer, share your cause, or contribute their skills.

Create Donor Journeys: Think of the donor relationship as a journey, from first contact to regular giving, advocacy, and potentially legacy giving. Nurture relationships at each stage.

Slide 7

Developing a Strong Case for Support

A compelling case for support is critical – it’s what communicates the need and urgency of your cause. To develop this effectively:

Clearly Define the difference you want to make: What problem are you solving, and why does it matter? Describe how contributions make a tangible difference.
Share Stories: Facts and figures are essential, but stories create emotional connections. Share real stories of those whose lives have been changed by your organisation’s work. You may want to make it clear if you are intentionally keeping beneficiary identities anonymous.
Show Accountability: Highlight how donations are used. Transparency and accountability build trust and show that you’re responsible with funds.
Include a Call to Action: Be direct about how supporters can help. Whether it’s donating, volunteering, or spreading the word, make the call to action clear and easy to follow. Don’t be shy about making an ask here is a lot to be said for a big red donate button.

Slide 8

The Fundraising Mix

The fundraising mix is the combination of methods you use to bring in donations. The mix you develop will depend on your specific goals, resources, audience and attitude to risk. The main elements of the mix are:

Individual Giving: This can be one-time giving, such as a collection outside a supermarket or regular giving through direct debit offered by more committed supporters. It is essential that donors’ data is kept secure and that there is good communication to build relationships and to be responsive. Individuals may also give by paying your organisation for goods or services
Community Events: such as charity runs, bake sales, or fetes allow you to engage face-to-face with donors and build connections to create a wider base of supporters. This type of fundraising is resource intensive and requires careful management of costs to ensure a good return on investment. You will find resources to support event fundraising in the transcript accompanying this recording and for larger events check out your local authority’s safety advisory group page – this covers advice around any licencing and permission required.
Peer to Peer fundraising is when supporters raise money on your behalf via their existing networks typically through social media or donation platforms like JustGiving that can reach a wide audience with limited overhead costs.
Crowdfunding for not for profits usually involves asking people to donate to a campaign run by an organisation to achieve a specific purpose and within a set time frame. Although we usually associate crowdfunders with online giving platforms, crowdfunding has been used to good effect for many years to raise funds, for example for community buildings. Some crowdfunding platforms such as ‘Crowdfunder’ and ‘Space Hive’ offer access to match funding opportunities.
Finally we have organisational giving: where businesses or organisations such as the Rotary Club may offer sponsorship, volunteering or in-kind donations

Slide 9

Fundraising Planning

In addition to creating a fundraising strategy you’ll need a shorter-term action plan. Here are some tips to consider:

Create a Calendar: Map out key fundraising activities throughout the year, considering factors like seasonal giving trends, annual events, busy delivery periods and your cashflow forecast. For example, Giving Tuesday is a matched crowdfunding opportunity that takes place in December but requires groups to sign up for it in July There is a link about Giving Tuesday in the transcript.

Create a budget: Allocate funds to cover fundraising activities, keeping your budget realistic

Set short term targets: such as funds raised, donor retention rates, and event attendance. These will help you assess progress and guide future planning.

Evaluate and Reflect: Regularly assess your fundraising efforts. What worked well, and what didn’t? Use these reflections to feed into what you do.

Slide 10

Fundraising compliance

Any charity that is carrying out fundraising activity, even on a small scale, is subject the Fundraising Regulator’s code of fundraising practice. The code exists to protect the public and encourage those involved in fundraising to follow best practice. You can find a link to the code in the transcript. The code includes a requirement to have an easily accessible complaints policy and to put in place safeguards on how to handle and bank any money collected. Your organisation will also need to comply with other relevant regulations for example around safeguarding, health and safety, food hygiene and licencing. See the links in the transcript for more on these.

Slide 11

Data protection

Data protection is crucial to ensure the privacy and security of supporters information from unauthorised access, misuse, or loss. This is important not only to comply with legal requirements – such as the General Data Protection Regulations – but also to maintain trust and credibility with your supporters. Take a look at the links relating to this topic in the transcript.

Slide 12

In summary

Fundraising brings unique challenges and opportunities. By staying on top of trends, building a dedicated supporter base, creating a compelling case for support, mixing various fundraising methods, and planning strategically, your organisation can become more sustainable.

Slide 13

To find out more

For more detail on all of the topics covered here, check out the guidance links in the recording transcript.

You can also contact our team for help including help with policies and templates at

Info@supportcambridgeshire.org.uk and you can join our online fundraisers network to link in with other fundraisers across the county.

Guidance links

For more information contact our team on info@supportcambridgeshire.org.uk

Join Support Cambridgeshire’s Fundraisers Network

General background information

Fundraising facts you need to know in 2025 (Charity Digital)

Charitable Support Across Generations in the UK and Ireland (Blackbaud institute Nov 24)

UK Civil Society Almanac 2024 (NCVO)

UK Giving 2024 (CAF)

Introduction to engaging with business (Support Cambridgeshire/Get Synergised)

Fundraising resources

Guidance and resources for small charities (Chartered Institute of Fundraising CIoF)

How to build a fundraising strategy (Charity Digital )

How to boost your charity campaigns with AI (Charity Digital)

How to perfect the donor journey (Charity Digital)

Storytelling to support your goals (Support Cambs)

A-Z of the best fundraising ideas for charity (Charity Digital)

Livestream fundraising

Complete guide to livestream fundraising (Charity Digital)

Gaming for good fundraising pack (End Youth Homelessness)

Jingle jam

Events

The ultimate event power pack (Cambridge City Council 2024)

Ideas & resources (Eden Project)

Safer activities and events (NSPCC)

Event Safety Checklist (CCVS)

Local authority safety advisory group guidance:

Cambridge City Council

Data protection

Advice for small organisations (ICO)

Compliance

Community fundraising and events (Fundraising regulator)

Trustees and Fundraising a practical guide (CIoF)

Grant funding

Funding Application Tips (Support Cambridgeshire)

Support Cambridgeshire 4 Community funding database

Storytelling to Support Your Goals

3 December 2024/by Karen Cann

Storytelling to Support Your Goals

Slide 1

Hello and welcome to this recording from Support Cambridgeshire, a partnership of Cambridge CVS and Hunts Forum. This is one of several recordings we have developed to support small charities.

To accompany the recording there are guidance links, available at the end of the transcript which will provide you with any materials or links we mention.

Slide 2 What we’ll cover:

During this short introduction, we will cover

Why we tell stories

The power of purpose

Story structure

Sharing stories – how to maximise your efforts

I will also be referring to some case studies to provide real-world practical examples showing how charities have used storytelling in practice to promote their cause. This on-demand training is aimed at individuals linked to community and voluntary groups and small charities, the goal is to encourage you to take your first steps on your storytelling journey and to briefly introduce you to how to make the most of your stories.

Slide 3 Why Should You Tell Stories

Its important to get the fundamentals of storytelling right first. Why should you as a (not for profit) tell stories ?

Stories build interest, awareness, and empathy

Your story is what attracts people to you—and what keeps them coming back.

They are the basic building blocks for reaching every goal you have as listed on the slide this includes raising money, recruiting partners and volunteers and building relationships.

Slide 4 How do you begin your story?

How do we start putting your story together? As we all appreciate, everyone has limited time – you as an individual, as an organisation, and your target audience. So thinking through how a story can help you achieve your aims and make a difference is important. So how do you create a story that achieves the outcome you want? Like a lot of things, it starts with questions. Keeping these points in mind when creating content or a campaign could help you achieve your storytelling goals.

Who are you telling your story to?

Why are you telling it?

What do you want to happen and when?

I will discuss each question in a little more detail over the next few slides.

Slide 5 Who are you telling your story to

So lets start with the “who?”

It’s really important that you get to know your audience. This will help you to create a more targeted campaign. You might think about segmenting your audience – introductory guides on how to plan your campaign are included in the links. Consider what barriers your audience are they facing – that are perhaps stopping them from engaging with your cause – is it time, digital or other access needs, finances etc. Also think about how they might want to get involved, based on what you know about them – so for example busy working individuals may want quick information on how they can support your cause outside of core working hours

Slide 6 WHY are you telling your story?

WHY are you telling your story? There could be many reasons or just one, but thinking about this will help you to achieve your goals with your story. Don’t tell a story or share content for the sake of it. Think through the outcomes you want to achieve early on and this will inform the story you tell and how you tell it

Slide 7 What do you want to happen and when?

What do you want to happen and when? What would you like the reader of your story to do or how you would like your story to impact your reader? It can be helpful to categorise your story to shape your message. You might think along the lines of a hard or specific ask for example; you want your reader to “donate here” or “volunteer now”. Or perhaps you want your story to have a “soft ask” so that your story shares information and inspires your reader to access further information or to further action.

Make sure your call to action is clear, for example, “click here to donate.” It is clear to your audience “when” they should take action.

Slide 8 Case study

This case study highlights how simple it can be to share a story. I found this very straightforward yet powerful story on the COOP website

The story is: Ian is a talented conductor, he has been a part of the Paisley Abbey choir for 20 years, he started a new community group called The Paisley Senior Singers. The group aims to attract seniors in the local area and beyond to join their singing and social group, on a weekly basis. The story shares details of when and where and who to contact for further details. There is also some text about sharing your own story about how your community has come together to support each other.

Referring back to our starter questions: Who, Why, What and when……

Who: Ian is a volunteer who wishes to support his community in particular the lonely older people, he is a talented conductor.

Why: The aim is to decrease loneliness, improve well being and increase community engagement

What: Ian used his experience to set up a group to engage with the local community to improve well being. The call to action is to share your community engagement story

When: Coop are asking community groups to share their stories about how their community has come together to support each other, there is a clear Call to action: “Share your story” button on the page.

Slide 9 Be More Cat

A useful tool to support you with starting to tell your own stories: it is to be more CAT

So looking at our Paisley Senior Singers case study again

Challenge: Decrease loneliness and increase community engagement

Action: engage with local community to improve well being

Transformation: volunteer used his experience to set up a group to engage with local community to improve well being. The call to action/transform is: share your own story on how you transformed your community for the better.

Slide 10 A second case study

A second case study. This is actually about a cat. This is a Cats Protection social media post. The story is about a cat called Gizmo who was found 20 miles away from his home, he had jumped into a delivery van, but he was microchipped so when he was found he was returned to his owners without further delay. The post included a direct quote from the joyful owners of Gizmo.

So there was a Facebook post, with text and pictures

Breaking the story down using the questions I posed earlier

Who is the story aimed at – cat owners – and what do cat owners like – pictures and stories of cats. This social media story includes a cute pic of a cat to ensure a wide reach with a personal story and a happy ending, where Cats Protection has played a positive and vital role, and how the target audience as cat owners can help Cats Protection to continue their work.

Why share this story – to keep cats safe. Cats Protection mission include rehoming cats and championing their rights, ensuring they return to their owners when they are lost forms part of their key objectives.

What outcomes does Cats Protection want to achieve with this story: If cats are lost, they can be returned home quickly and safely, and microchipping cats ensures this happens. So increase the number of cats being microchipped.

So; the final call to action is to Find out more about microchipping with a link

I have also posted a screenshot of some of the comments just to show how a Social Media post can engage an audience and continue the story, with re-shares, comments by other cat owners with their own stories and likes etc. So the one story about Gizmo can generate a conversation and “microchipping movement.”

Looking at this same case study using the CAT tool:

The Challenge is to engage with cat owners to encourage them to microchip their cats

The Action is to share Gizmo’s successful story and to inspire cat owners

The Transformation is for cat owners to be inspired to learn more about microchipping and microchip their own cats.

Slide 11 Sharing stories and how to maximise your efforts – less can be more

Moving on to sharing stories and how to maximise your efforts. Really helpful to remember that when thinking about digital storytelling, especially social media, think less is more. A few top tips are included on the slide

Keep sentences short (20 words maximum)

Keep films short 2/3mins maximum

Use short words

Don’t over-do punctuation

Be concise

Use every day English

Be authentic

Slide 12 sharing stories and how to maximise your efforts – accessibility

Sharing stories – how to maximise your efforts. Accessibility. There are a lot of free readability and accessibility software to assist you with this, including Microsoft which can help with accessibility, Grammarly can help with readability and CHAT GPT and AI can also be used to create content BUT be careful and make sure you are checking over any AI created content, so that it is your story and it makes sense. There are also some helpful, straightforward style guides when using various software tools. For example; Social media now have Alt text features and most have their own accessibility guides that tell you what to do. But across all platforms think about your presentation including your font and colours etc. There are some helpful links and resources on the slide

Slide 13 Memorable stories

To be able to maximise our efforts we want to make sure we are creating and sharing memorable stories, but what makes a memorable story? There is a clear beginning, middle, and end. The story is fairly short. It offers some action or transformation. We have already discussed this when we looked at story structure and how to create our stories, remember our initial questions, why are we telling the story and what do we want to happen, and the CAT tool, what’s the challenge, action and transformation. Also, remember Less is More (from the previous slide) when sharing our stories. When we looked at our initial questions, we did look at “who are we telling our story to.” And this also forms part of creating memorable stories, we should aim to tell and share a story that is personally relevant to you or the person who shared it with you so that it creates that all-important emotional connection with your audience.

The links on the slide provide further information and guidance on this idea of emotional connection with your audience when telling and sharing stories. The first step in making this emotional connection is your story’s voice, which we will discuss next.

Slide 14 “Person first Charity second.” Third Case Study.

If you are sharing someone’s story, you want to ensure an authentic voice to create that emotional connection. You need to be respectful and ethical. Remember; person first and charity second. On the slide is our third case study, from the Anthony Nolan website (they are a blood cancer charity). The links are to a short YouTube video and blog post with photos, sharing Jo’s lived experience. This case study shows that successfully sharing someone’s story, using their own voice doesn’t have to be slick professionally created content, instead user-generated low-quality footage but with quality content can be authentic and engaging, this is because Jo is charismatic, positive and confident. The audience is left rooting for her and it’s an inspiring story of lived experience created and shared authentically in Jo’s own voice. But remember that sharing lived experience can be complex depending on the people your charity works with, you will need to make judgements about what is appropriate. You must ensure that consent and ongoing consent is properly obtained and recorded. (We have provided links to further resources in the final slides and transcript.) The key to sharing lived experiences and others’ stories, ethically is to ensure that you build a consensual relationship based on trust, which continues even after the story has been created and shared.

Slide 15 Choosing your platform

Where do we start with what platform to use to share our stories?

This initial first question can already be overwhelming before we have even begun to share. As you are probably aware different platforms can reach different audiences. On the slide there is a link to We are Social Digital 2024 which does break this down a little. So for example the younger generations tend to use snapchat and tik tok and perhaps older generations use Facebook.

Think about your knowledge and capacity, as an individual and as an entire team.

If you think back to the Cats Protection case study – when I shared the screenshot of the comments section to Gizmo’s story – those comments can be just as important as the original post in creating that engagement and momentum, keeping the story alive and present. So, the knowledge and capacity to monitor and engage with the comments.

And remember that you can reuse or edit your content so that it can be used on more than one platform. Thinking back to Jo’s story with the Anthony Nolan Trust on the previous slide it was a blog post with a photo and also YouTube videos – which were then shared and posted on different Social Media platforms as well as their website.

Finally, remember essentially you are a matchmaker – matching your story to the best platform – so that as many people as possible will see it / hear it and action it

Slide 16 It’s part of a Process

In summary, storytelling is part of the bigger picture of your group’s story and it is all part of a process starting with:

Your audience – who are you telling your story to?

How can you connect with them – create that emotional connection

Collecting and curating those connections, those lived experiences and voices and include everyone – your entire team;

Producing the stories. Remember structure – beginning, middle and end. Remember CAT – challenge, action and transformation.

When you hit share it’s not the end – watch what the impact is – learn from it so that when you consider your next story and digital campaign you can improve on the outcomes.

Slide 17 Policies and procedures

I am ending with a couple of important resources slide. You may already have in place policies around safeguarding, EDI (Equality, Diversity and Inclusion) and health and safety. But as you consider storytelling it is important to make sure that you also have policies for the way you work through digital channels and on digital platforms. I have listed a few policies here that you may not already have, and you may need to think about adopting, including:

Data protection & GDPR

Consent & Photography

Training & Guidelines

Digital Strategy

What to do if things go wrong? Dealing with complaints and negative comments

Social Media

Slide 18 Resources

Some further resources that may be of assistance

Slide 19 Here to Help

We hope that this training has been of assistance as you embark upon your storytelling journey. Please do reach out to us directly with any further support needs and do check out our website for further training resources.

Guidance and support links:

Charity Digital, Eight Steps to Planning Marketing Campaigns

Facebook, Understand Audiences

The Process of Effective Story

1st Case study: Paisley Senior Singers

From raw content to stand out stories – Chris Flood,

content and search lead, Cancer Research UK. Charit y Comms.

Pixar in a Box, The art of storytelling, Introduction to Structure

2nd Case study Cats Protection – Gizmo and Microchipping

Microsoft Word’s built-in readability guidelines

Content Design London’s readability guidelines

Diversity & Ability

Lisa Riemers , accessibility resources,

Charity Comms, Accessible Communication: a starting point to foster inclusive comms.

Thekar Pekar , Lesson from Retelling Stories, NeuroCooking

It drew me in… Christmas advertising is not only about storytelling, it is about the story of us as humans – Walnut Unlimited

3rd Case study: Jo’s story – Anthony Nolan and Youtube video – Jo’s story

The Power of Human Stories; How to be an authentic storyteller. Charity Comms

We are Social: Digital 2024 UK

The Catalyst, how to tell your story with digital

Policies and Procedures

Policies & procedures: NCVO help and Guidance (National Council for Voluntary organisations)

Data Protection & GDPR

Consent & Photos

Complaints

Training & Guidelines

Digital Strategy

Guidance support on social media from NCVO

Resources

Gov.uk Accessible Formats

Digital Culture Network

Pixar in a Box

Heritage Digital

Cambridge Online, YouTube

Here to Help

www.supportcambridgeshire.org.uk

To contact CCVS

enquiries@cambridgecvs.org.uk

To contact Hunts Forum

info@huntsforum.org.uk

Cybersecurity for Small Charities

28 October 2024/by Karen Cann

Slide 1

Cybersecurity

Hello and welcome to this recording from Support Cambridgeshire, a partnership of Cambridge CVS and Hunts Forum. This is one of several recordings we have developed to support small charities.

To accompany the recording there are guidance links, available at the end of the transcript which will provide you with any materials or links we mention.

Slide 2

What we’ll cover:

This training uses resources and training developed and supplied with consent from the National Cyber Security Centre (NCSC) and the National Association for Voluntary Community Action (NAVCA)

During this short introduction, we will cover:

Awareness of NCSC
Why Cyber security is important
What you and your group should be aware of and looking out for when it comes to cyber attacks
Where can you access support and resources for you and your group for free

This on-demand training is aimed at individuals linked to community and voluntary groups and small charities, the goal is to encourage you to consider your cyber security position.

Slide 3

Awareness of the NCSC

Who are the National Cyber Security Centre?

The National Cyber Security Centre or NCSC are formally a part of GCHQ, one of the 3 main UK intelligence agencies. The NCSC mission is to help make the UK the safest place to live and work online. The NCSC provides key and up-to-date guidance for charities which are free to use. Their website is a one-stop shop for any of your cyber questions. You can contact the NCSC via their enquiries page. There is a helpful link from Charity Digital article; An A-Z glossary of cybersecurity terms and definitions

Slide 4

What is a cyberattack?

A cyber attack is considered any malicious attempt to damage, disrupt or gain unauthorized access to computer systems, IT networks or devices (such as laptops, phones and tablets). Specifically without your knowledge and permission.

Recent cyber attacks have made news headlines; in June 2024 the NHS was attacked and several GP surgeries and hospitals were affected causing serious disruption. The British Library were also victim of a cyber attack in October 2023.

Slide 5

What is Cybersecurity?

In the opposite way Cyber security is the actions you take to protect your systems and devices from such an attack. By protecting your systems sufficiently, you stand a significantly stronger chance of keeping your systems and charity safe from an attack. Just as the internet is a fundamental part of life in keeping your charity running and accessible to all, so is your cyber-security.

Slide 6

Why are Charities and groups at risk?

Charities hold funds (often electronically), personal, financial and commercial data of interest to individuals and often of monetary value to a criminal. Often this data is sensitive, valuable and vulnerable to attack. Think about how your supporters would feel if their data was taken from your systems.

The Impact of a cyber-attack can range from missing data, stopping your operations temporarily or permanently, costs of a breach or lost revenue including the time taken to recover, and finally the reputation of your charity.

A Cumbria-based community charity, The Milom Network Centre, which supports local people with its food pantry, second-hand furniture sales and educational programmes, lost all of its charitable funds in May 2024 when it fell victim to fraud. Scammers emptied its entire bank account. Before the bank agreed to the refund the charity, they faced the very real fear of closure.

Slide 7

Who could attack a charity?

Cyber Criminals might attack a charity. This can be either untargeted or targeted. No matter which way it is, it’s usually always for financial gain. There is no information to say charities are specifically targeted over other sectors. However we know criminals scan the internet for organisations that have weak security defences.

If you think about an opportunistic burglar walking down street looking for properties with open windows. The burglar or cyber criminal won’t care if those windows belong to a small or large charity. It’s not just ransomware. Criminals can steal money through other routes like pretending, to be a supplier and asking for urgent payment on an invoice.

Nation States; There is currently no evidence of nation states targeting the charity sector but it is possible to be caught up in un-targeted attack by a nation state.

Lastly the Insider threat. And by that I mean a member of staff, volunteer, or trustee that’s working in the charity. The overwhelming majority of cyber incidents caused by insiders are accidental. However they can still have a significant impact on the operation of the charity. Its really important for charities not to foster a culture of blame for accidental ‘insider’ cyber incidents. It is so easy to make a mistake whether it’s clicking on a suspicious link or opening an attachment which could unleash a virus. The important thing is that staff feel that they can report without fear of repercussions. That way IT can be up and running quicker and data recovered faster.

But there could be a chance that the insider threat could be on purpose. Perhaps a member of staff is disgruntled or a trustee feels they have been ignored.

All these threats, whether targeted or untargeted, accidental or on purpose, can be mitigated by using some key cyber security approaches.

Slide 8

How are charities being attacked?

Ransomware is a type of malware that makes data or systems unusable until the victim makes a payment. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible. Following the initial ransomware attack, those responsible will usually send a ransom note demanding payment to recover the data. Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you pay. There is no guarantee that you will get access to your data or computer. Ransomware attacks can have a devastating impact on organisations, with victims spending significant amounts of time and money to reinstate critical services. Often skills need to be bought in from elsewhere. Replacing or upgrading expensive IT equipment is also often required.

The British Library and NHS cyber attacks I referred to earlier were Ransomware attacks.

Malware is malicious software that is designed to interfere with a computer’s normal functioning and that can be used to obtain information and commit cybercrimes.

Phishing is where untargeted, mass emails are sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website. Most of us have heard about not opening suspicious looking attachments or weblinks, but these attacks do still regularly happen. Criminal groups will use charity branding or logos to make the emails look more legitimate, these can be obtained from websites or a simple google search.

A couple of examples on the slide. In May 2024 Companies House sent out an email warning of scam letters being sent out claiming to be from Companies House, the letters claimed that the recipient needed to make payment for Enhanced Web Filing Access.

In June 2024 we at CCVS posted on LinkedIn that we had been made aware by the Cambridge City Council of a fraudulent message aimed at Homes for Ukraine visa holders that was circulating online. The message falsely claimed to be from the Home Office and requested personal data.

Slide 9

What can you do to protect your charity?

What can you do to protect your data?

We will look at each area in a little more detail.

Backing up your data
Protecting against malware
Keeping devices secure
Create strong passwords
Defend against phishing

Slide 10

What can you do to protect your charity?

1. Back up your data

Backing up your data is your vital first step in your cyber security strategy. You must ensure not only that your charity is taking regular back-ups of important data but test that they can also be restored. This will reduce the inconvenience of any data loss from theft, fire, other physical damage or ransomware.

Identify what needs to be backed up. Usually, this includes documents, emails, contacts, legal information, calendars, financial records and supporter or beneficiary databases.

Ensure the device containing your backup is not permanently connected to your network either physically or over a local network.

Consider backing up to the cloud. This means your data is stored in a separate location (away from your offices/devices), and you’ll also be able to access it quickly, from anywhere. Link to Cloud security guidance from the NCSC is on the slide.

Slide 11

What can you do to protect your charity?

2. Protect against malware

Protecting your charity against malware (which is malicious software including viruses) doesn’t have to pricey or complicated, I have listed a few low cost and simple options on the slide

Use antivirus software on all computers and laptops. Only install approved software on tablets and smartphones, and prevent users from downloading third party apps from unknown sources.
Patch all software and firmware by promptly applying the latest software updates provided by manufacturers and vendors. Use ‘automatically update’ options where available.
Control access to removable media such as SD cards and USB sticks. Consider disabling ports, or limiting access to sanctioned media. Encourage staff to transfer files via email or cloud storage instead.
Switch on your firewall (included with most operating systems) to create a buffer zone between your network and the Internet.

There is a link on the slide to smartphone and device security guidance from NCSC

Slide 12

What can you do to protect your charity?

3. Keep Devices secure

Smartphones and tablets (which are used outside the safety of the office and home) need even more protection than ‘desktop’ equipment.

Switch on PIN/password protection/fingerprint and face recognition for mobile devices.
Configure devices so that when lost or stolen they can be tracked, remotely wiped or remotely locked.
Keep your devices (and all installed apps) up to date, using the ‘automatically update’ option if available.
When sending sensitive data, don’t connect to public Wi-Fi hotspots – use 3G or 4G connections (including tethering and wireless dongles) or use VPN’s.
Replace devices that are no longer supported by manufacturers with up-to-date alternatives.

There is a link to a NCSC blog post about mobile device management software on the slide

Slide 13

What can you do to protect your charity?

4. Creating strong passwords

Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorized people from accessing your devices and data.

Make sure all laptops, MACs and PC’s use encryption products that require a password to boot. Switch on password/PIN protection or fingerprint and face recognition for mobile devices.
Use two-factor authentication (2FA) for important websites like banking and email if you are given the option. Two factor authentication requires using a password and one other form of protection like a finger print, face recognition, pin or text message
Avoid using predictable passwords (such as family and pet names). Avoid the most common passwords that criminals can guess (like passw0rd).
Do not enforce regular password changes: they only need to be changed when you suspect a compromise.
Change the manufacturers’ default passwords that devices are issued with, before they are distributed to staff.
Provide secure storage so staff can write down passwords and keep them safe (but not with the device). Ensure staff can reset their own passwords, easily.
Consider using a password manager. And if you do use one, make sure that the ‘master’ password (that provides access to all your other passwords) is a strong one.

Links to further information and resources from the NCSC are on the slide

Slide 14

What can you do to protect your charity?

5. Defend against phishing

Phishing attacks are when scammers send fake emails asking for sensitive information (such as bank details), or the emails include links to bad websites and the emails encourage you to click on the links. To defend your charity against phishing attacks you can:

Ensure staff don’t browse the web or check emails from an account with Administrator privileges. This will reduce the impact of successful phishing attacks.
Scan for malware and change passwords as soon as possible if you suspect a successful attack has occurred. Don’t punish staff if they get caught out (it discourages people from reporting in the future).
Check for obvious signs of phishing, like poor spelling and grammar, or low quality versions of recognisable logos. Does the sender’s email address look legitimate, or is it trying to mimic someone you know? This is challenging as emails are increasingly sophisticated

Link on the slide is to 5 top tips to avoiding phishing attacks from NCSC

Slide 15

What to do if you are a victim of a cyber attack?

Despite your best efforts, cyber attacks can happen and if you think your charity has been the victim of a cyber attack – an online fraud, scams or extortion, you should report this through the action fraud website, there is a link on the slide.

You must report certain incidents that you’re legally obliged to report to the Information Commissioner’s Office (ICO) regardless of whether your IT is outsourced. This includes a personal data breach under the GDPR or the Data Protection Act.

You will also have to report it as a serious incident to the Charity Commission through the Charity Commission (England and Wales) website.

Reporting incidents will demonstrate that you have taken responsible action to identify problems within your charity. It also helps the Commission to gauge threats that may affect the wider sector and to take steps to address these with targeted advice and guidance.

If you are not sure if you have been attacked or need further advice, you can contact the NCSC enquiries.

Slide 16

NCSC Resources

The NCSC has produced a number of tools called the Active Cyber Defence tools or ACD. These are offered to organisations across certain sectors including charities for free. There are 3 tools which are worth looking into for your charity. They are Mail and web check and Early Warning.

Slide 17

NCSC Resources and guidance

The NCSC also has a lot of free resources including guides, support and advice. On the slide are a few resources that are useful to smaller charities in particular.

Small charity guide
Infographics: these are useful if your team has any specific questions or wants to learn more. They are available on the NCSC website and can be downloaded and printed.
E learning courses: this includes “top tips for staff”. The training can be completed online or downloaded and built into your own training platform. It takes less than 30 minutes to complete and is deliberately non-technical. This training is aimed at small organisations so some of the terminology is not aimed at charities but it is a useful resource for colleagues who may like some basic cyber skills.

Slide18

The Future

The future. Technology is constantly developing at an ever-increasing pace, with policy, legislation, and security furiously trying to play catch up. Plans for future legislation have again been amended with a new labour Government elected in July 2024.

AI briefly appears on the agenda but the focus appears to be on data protection matters and privacy rights.

We plan to update this training transcript with any relevant updates

The link is to the Data Protection Network article July 2024 which discusses possible changes in legislation with the new Labour Government.

Slide 19

Here to help

We hope that this training has been of assistance in increasing your awareness of what is cyber security, who is the National Security Council and how you can protect yourself and your charity from possible cyber-attacks. Please do reach out to us directly with any further support needs and do check out our website for further training resources.

Guidance and support links:

www.supportcambridgeshire.org.uk

To contact CCVS

enquiries@cambridgecvs.org.uk

To contact Hunts Forum

info@huntsforum.org.uk

National Cyber Security Centre (NCSC) https://www.ncsc.gov.uk/

National Association for Voluntary Community Action (NAVCA) https://www.navca.org.uk/

Action Fraud Website https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime

Information Commission Office (ICO) https://ico.org.uk/for-organisations/report-a-breach/

Charity Commission – reporting a serious incident (RSI) https://www.gov.uk/guidance/how-to-report-a-serious-incident-in-your-charity

NCSC resource links

NCSC general enquiries https://www.ncsc.gov.uk/section/about-this-website/contact-us

NCSC Small Charity Guide https://www.ncsc.gov.uk/collection/charity

NCSC infographic cybersecurity small charity guide https://www.ncsc.gov.uk/files/Cyber%20Security%20Small%20Charity%20Infographic.pdf

NCSC E-courses for small organisations https://www.ncsc.gov.uk/training/cyber-security-for-small-organisations-scorm-v3/scormcontent/index.html#/

NCSC Active Cyber Defence tools or ACD:

Mail Check – https://www.ncsc.gov.uk/information/mailcheck
Web Check – https://www.ncsc.gov.uk/information/web-check
Early Warning – https://www.ncsc.gov.uk/information/early-warning-service

NCSC Infographics https://www.ncsc.gov.uk/information/infographics-ncsc

NCSC Cyber Security eLearning training https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available

NCSC guidance links

NCSC cloud security guidance https://www.ncsc.gov.uk/collection/cloud

NCSC Smartphone and device security guidance https://www.ncsc.gov.uk/collection/device-security-guidance

NCSC blog post: Which Mobile Device Management software is the best? https://www.ncsc.gov.uk/blog-post/ncsc-it-mdm-products-which-one-best-1

NCSC Actionable advice https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/use-a-strong-and-separate-password-for-email

NCSC Three Radom Words passwords https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0

NCSC password managers https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0

NCSC avoiding phishing attacks https://www.ncsc.gov.uk/collection/small-business-guide/avoiding-phishing-attacks

Links to articles:

Charity Digital: An A-Z glossary of cybersecurity terms and definitions https://charitydigital.org.uk/topics/an-a-z-glossary-of-cyber-security-terms-and-definitions-11473

British Library Blog Post March 2024 Lessons from the cyber attack https://blogs.bl.uk/living-knowledge/2024/03/learning-lessons-from-the-cyber-attack.html

Guardian Article June 2024 Cyber-attack on London Hospitals https://www.theguardian.com/society/article/2024/jun/11/cyber-attack-on-london-hospitals-to-take-many-months-to-resolve

BBC News article May 2024 Scammers emptied charity’s account https://www.bbc.co.uk/news/articles/cn40vrpz2v2o

Gov.UK Reporting scams to Companies House

https://www.gov.uk/guidance/reporting-scams-pretending-to-be-from-companies-house?utm_content=&utm_medium=email&utm_name=&utm_source=govdelivery&utm_term=

CCVS LinkedIn post-June 2024. Cambridge City Council warning about fraudulent messages aimed at Homes for Ukraine visa holders

https://www.linkedin.com/posts/cambridge-council-for-voluntary-service_welcome-to-govuk-activity-7209137701105582080-hElO/

Data protection July 2024 Labours plans for data protection, cybersecurity and AI https://dpnetwork.org.uk/labours-plans-data-protection-cyber-security-ai/?utm_source=Data+Protection+Network&utm_campaign=91f7d54770-EMAIL_CAMPAIGN_2023_08_28_04_14_COPY_01&utm_medium=email&utm_term=0_-7337095521-%5BLIST_EMAIL_ID%5D

Introduction to Engaging with Businesses: Five Things I Wish I Knew

18 September 2024/by Karen Cann

Get synergised, have created this basic introduction to working with business on behalf of Support Cambridgeshire. We regularly collaborate with Get Synergised to support groups looking to make connections with businesses. This particular training is aimed at small charities and voluntary groups, whether you are at the beginning of your journey in engaging with businesses or seeking a refresher.

Introduction to Engaging with Businesses: 5 Things I Wish I Knew

Hello and welcome to this Introduction to Engaging with Businesses: 5 Things I Wish I Knew, a recording for Support Cambridgeshire delivered by Get Synergised in partnership with Cambridge CVS and Hunts Forum.

This is one of several recordings developed to support small charities and voluntary groups in engaging with businesses. This recording includes some tips for success and is supported by a transcript and links that will take you to additional resources and information on the Get Synergised website.

Title Page

Introduction to Engaging with Businesses: 5 Things I Wish I Knew

If you are beginning your journey in engaging with businesses or seeking a refresher, this on-demand training video presents five insights that you probably wish you knew.

By avoiding common pitfalls, you’ll be well-prepared to cultivate partnerships with businesses eager to support you and your mission to help diversify income and resources for greater sustainability.

Slide 1

Firstly – Why Does Partnering with Businesses Benefit Your Organisation?

Expanded Resources: Businesses can provide financial support, in-kind donations, and access to expertise, enhancing your organisation’s capabilities and impact.
Enhanced Visibility and Credibility: Partnering with reputable businesses can elevate your organisation’s profile and credibility within the community and among stakeholders.
Innovative Solutions: Collaboration with businesses can spark innovation and creativity, leading to new ideas and approaches for tackling social challenges.
Sustainable Relationships: Establishing partnerships with businesses fosters long-term relationships built on shared values, which can lead to ongoing support and collaboration.

Now we know that, let’s delve into the 5 Things I Wish I Knew.

Slide 2

Introduction to Engaging with Businesses: 5 Things I Wish I Knew

Think About What You Might Need from a Business
Take Time to Build Relationships
Align Goals and Values
Confidently Make That Initial Ask and Contact
Always Follow Up, Celebrate Success, and Give Thanks

Slide 3

Think About What You Might Need from a Business

When engaging with businesses, it’s crucial to consider and request support beyond just financial contributions – although monetary support is indeed significant. Businesses are busy, so a well-defined request helps them understand exactly how they can contribute and what is needed. Here are some points on how to prepare to maximise your chances of success:

Time:
- Volunteer Opportunities: Clearly outline how much time you need from business volunteers and what specific activities they will be involved in. For example, you might need volunteers for pro bono expertise or a fundraising event.
- Flexible Options: Offer flexible volunteering opportunities that can fit into busy schedules on both sides, such as virtual volunteering or short-term projects.
Skills:
- Skill-Based Volunteering: Identify specific skills that would benefit your nonprofit and seek volunteers who can provide those skills. For example, you might need help with marketing, graphic design, legal advice, or IT support.
- Professional Development: Highlight how volunteering can also benefit their employees by providing professional development opportunities and enhancing their skills.
Expertise:
- Advisory Roles: Invite business leaders to join advisory boards, trustee boards, or committees where their expertise can guide your non-profit’s strategy and operations.
- Workshops and Training: Request experts to conduct workshops or training sessions for your staff or beneficiaries. For instance, financial experts could offer financial literacy workshops.
Resources:
- In-Kind Donations: Specify what physical resources or equipment you need. This could range from office supplies, technology, or transportation.
- Rooms and Space: Request meeting rooms or event spaces that the business can provide.
Finance:
- Monetary Donations: Clearly outline the financial support you need, specifying amounts and how the funds will be used.
- Sponsorship Opportunities: Offer sponsorship packages for events or programmes, detailing the benefits the business will receive in return, such as branding opportunities, meeting ESG (Environmental, Social, and Governance) goals, recognition, and networking.

Slide 4

Take Time to Build Relationships

Personal Connections: Develop personal relationships with key individuals in the business, rather than just seeking money and going in with a hard ask. Take the time to understand their motivations, interests, and values. Personal connections and warm introductions can strengthen the partnership and facilitate smoother collaboration.
Understand the Business: Research the company if you can. Understand their mission, values, corporate social responsibility (CSR) initiatives, and any past involvement with non-profits. This helps tailor your approach and shows that you’ve done your homework.
Identify the Right Person: Find out who the decision-makers are through a bit of research or asking others if you can. This might be someone in the CSR department, marketing, HR, or even the CEO, depending on the size and structure of the business.

Slide 5

Align Goals and Values

Good Fit: When looking for businesses to meet your asks, think about which businesses would be a good fit, might share your values, where they might be located, and what industries might be able to help you with what you need.
Know Your Own Mission, Vision, and Values: Be clear about your own non-profit’s mission, vision, and values to find the best alignment with potential business partners.

Slide 6

Confidently Make That Initial Ask and Contact

Personalise Your Approach: Tailor your message/email to the specific business and individual. Mention any common ground and keep your message brief and to the point, including a clear call to action that encourages a response.
Highlight What’s in It for Them: Shift the focus to their interests – why should they care? Clearly explain how your non-profit’s mission aligns with their goals and values.
Utilise Storytelling: Craft a compelling narrative that introduces your non-profit, what you do, the impact you make, and how it relates to the business. Explain the reason for reaching out and the potential synergy between your missions.
Utilise Existing Networks: If possible, leverage mutual connections to facilitate an introduction. A warm introduction significantly enhances the likelihood of a positive response.
Attend Networking Events: Engage in events where business leaders are present. These venues offer opportunities for face-to-face interactions and deeper engagement.
Phone Calls: Direct calls can sometimes be more effective. Be prepared with a concise pitch and ready to address any inquiries.
Utilise Social Media: Platforms like LinkedIn are effective for connecting with business professionals. Craft a concise and polite message outlining your purpose or share your organisation’s needs on the platform.
Propose a Meeting: Request a brief meeting to explore potential collaboration. Offer flexible scheduling options and suggest a few dates and times that work for them.
Articulate What You Can Offer: Describe the mutual benefits of collaboration, emphasising how their involvement will create a positive impact and meet their CSR goals, among other business benefits. Use stories, data, and examples to illustrate the value and potential returns on their investment.

Slide 7

Always Follow Up, Celebrate Success, and Give Thanks

Prompt Follow-Up: If you don’t receive a response within a week or two, send a polite follow-up email or call to reiterate your interest and inquire about their decision.
Share Impact Stories: Share stories and experiences that illustrate the impact of your partnership. Highlighting real examples and successes can reinforce the value of the collaboration and inspire continued support.
Thank Them: Regardless of the outcome, thank them for their time and consideration. This leaves a positive impression and opens the door for future opportunities.

Slide 8

Case Study Examples

Mills & Reeve and Hannah Nunn Kick Starter Coffee
Tees Law and Cambridge Acorn Project Legal Clinic

Slide 9

Benefits of Adopting Effective Partnership Strategies

Saves time and money
Enhance ROI (Return on Investment)
Maximise resource collaboration potential
Support sustainability of your organisation

Slide 10

Final Words – Image slide

We hope that you have enjoyed this short video, “An Introduction to Engaging with Businesses: 5 Things I Wish I Knew.” Hopefully, you now feel more equipped with some key points to get you off the starting block or to refresh your partnership strategy in this area for greater success.

Building influential relationships with corporate business partners, if done correctly, will help you diversify your income and resources while also boosting your credibility, profiling your organisation, reaching new audiences, making an even greater impact in your community, and sustaining your operations.

If you’re seeking to take your corporate partnership to the next level, we encourage you to enrol in our Foundation Course, “Winning Corporate Partnerships in 5 Steps.” This course will teach you to understand what businesses are looking for to attract their attention and how to use your time more efficiently to achieve better results with a proven strategic, relationship-first approach. It will also give you an overview of our strategic blueprint to help you build your Corporate Partnership Strategy.

Discover more about our courses, or subscribe to our newsletter for insightful tips and updates by taking a look at our website – www.getsynergised.com

Brought to you in collaboration with Support Cambridgeshire, CCVS, Hunts Forum and Get Synergised

Legal issues around managing volunteers in England and Wales

14 August 2024/by Christine Trevorrow

Slide 1 Title slide

Hello and welcome to this recording from Support Cambridgeshire. This training introduces the key legal issues around managing volunteers.

The guidance links, available in the transcript you will find alongside this recording, will provide you with all the materials we mention.
Please note that this guidance is not intended to replace advice from a legal professional.
Slide 2 Outline of session
This session will give you headline information to put in place the policies and procedures to help you deliver your legal responsibilities to volunteers and those they support. We will look at:
– Employment rights
– Who can legally volunteer
– Key legislation covering:
Equality
Health and Safety
Data Protection
Copyright
Safeguarding

Slide 3 What is a volunteer?

There is no legal definition of a volunteer but the following is used by the Disclosure and Barring Service (more on them later)

A person engaged in an activity which involves spending time, unpaid (except for travel and other approved out-of-pocket expenses), doing something which aims to benefit some third party other than, or in addition to, a close relative.

Slide 4 – Trustees as volunteers

Trustees are responsible for the governing of a charity and usually have more responsibility and liability than non-trustee volunteers. We have a specific training available for trustees ‘What do trustees have to do?’ which can be found in the guidance links

Slide 5 – Why understanding legal issues matters

Failure to understand how legislation relates to volunteers could result in organisations facing legal action:

with volunteers claiming employment rights
around failure to protect volunteers
and around failure to provide training and support to ensure volunteers are able to perform their roles without causing harm to beneficiaries or the wider public.

An organisation’s lack of legal understanding can also result in negative consequences for volunteers themselves, impacting on their finances and wellbeing.

Slide 6 – Volunteers claiming employment rights

Volunteers do not have the same legal rights as people with employment contracts unless a contract is inadvertently created:

It is worth being aware of what creates a contract –

A contract is a legally binding relationship between 2 parties. A contract needs 4 elements to be legally binding.
- An offer – this is a promise by one party with the intention of creating a legal obligation
- Acceptance – the response to the offer which can be written or verbal
- Consideration –. this can be a payment or something in kind such as equipment or training not directly related to the volunteer’s role
- An intention by both parties to create a legally binding relationship that a reasonable person would accept as intending to create a contract.

By contrast volunteering is a gift relationship and is not legally binding on either party.

There have been cases where volunteers have been able to take an organisation to an employment tribunal and prove that a contract exists. . For more details see the guidance links

Slide 7 Minimising the risk of giving volunteers employment rights

If a contract is created with a volunteer they could be awarded employee status, which in the worst-case scenario, could make them eligible for the national minimum wage backdated for the entire period of their volunteering. This could have serious consequences for a charity.

The danger of creating a case for employed status is minimised by ensuring that there is no legally binding contract in place and that there are clear policies and procedures specifically for volunteers that avoid using language associated with employment. For example, volunteers perform a role and not a job and are reimbursed for expenses and not paid. Good records need to be kept of training undertaken and expense payments received.

The organisation might consider putting in place a volunteer strategy and a volunteer policy which will clarify how the organisation interacts with volunteers, clearly demonstrate how volunteering differs from the work of any employees.

Volunteer role descriptions clarify the purpose, qualities and requirements of a role helping distinguish them from employee job descriptions.

Volunteer agreements are statements of mutual expectation that can be ended at any time by either party and are not legally binding.

Slide 8 Managing expenses

Mismanagement of expenses can cause problems for your volunteers and you could be seen to be paying a consideration which is one element of a contract.

The Inland Revenue rules permit volunteers to reclaim costs incurred or which will be incurred whilst volunteering including mileage, a reasonable meal, specialist clothing and care costs for dependents. However, although it is best practice to offer expenses organisations are not legally obliged to pay them.

Payments made to volunteers that are more than out of pocket expenses may be treated as taxable income. If the volunteer is in receipt of benefits any over payment may impact on benefit payments as they will be treated as if they are in paid work.

By collecting and keeping the right documentation as outlined in an expenses policy you protect both the organisation and the volunteer.

See the link in the guidance notes on volunteering and claiming benefit payments

Slide 9 – Who can legally volunteer?

We often get asked questions about whether the law allows certain groups of people to volunteer. The good news is that most people are legally able to volunteer. The exceptions being those whose visa status excludes them and those who do not meet the required criminal or safeguarding records checks for a particular role

People on benefits can volunteer if they continue to meet all the conditions of their benefit. It is advisable for people on benefit to inform the benefits office that they are volunteering
The legal restrictions on employing young people do not apply to volunteers. However, under 18’s are legally classed as vulnerable and safeguarding guidelines will apply. It is also necessary to check if under 18’s are covered by your insurance and you should put in place a separate risk assessment. There is a guidance link for a handbook on managing young volunteers at the end of the transcript.
Visitors from overseas can volunteer if their visa allows them and it is advisable to ask them to check with the immigration service. Those on tourist visas can volunteer as can refugees and asylum seekers. Some larger organisations insist on Right to Work checks for volunteers – this check is to ensure a job applicant is eligible to work in the UK and is only legally required for employees.
People with criminal convictions are legally permitted to volunteer and where a person has completed their rehabilitation, they do not have to disclose a conviction unless the role meets certain exemption requirements. Exemptions will usually apply to roles with access to children or adults at risk of abuse.

Slide 10 – Equality Act 2010

In this section we will work through the key legislation those managing volunteers need to consider. We will highlight key areas to be aware of and look at how to mitigate the risk of facing legal action. Starting with the equality legislation.

The equality Act protects people against discrimination, harassment or victimisation because they have, are perceived to have or are associated with someone else with any of the protected characteristics, which are:

Age
Disability
Gender reassignment
Marriage and civil partnership
Pregnancy, maternity (including breast feeding) and paternity
Race
Religion and belief
Sex
Sexual orientation

Slide 11 – Volunteers as service users

Volunteers do not have the same legal protect as employees, however service users are protected. The Equality and Human Rights Commission has advised that volunteers could (in some circumstances) be seen as service users creating the potential for a legal case to be brought. Many organisations address this head-by adding a clause like the following to their volunteer equality statement

We do not intend to create a contractual relationship with our volunteers but as a matter of respect and dignity we want to treat volunteers inclusively and fairly wherever reasonable.

Slide 12 – Volunteers as service deliverers

If your organisation provides advice in person or online, a community centre, shop, club, care home, or a private club or association with more than 25 members then the Equality Act applies to your services.

Where volunteers help you deliver your services they are seen as service deliverers carrying out your instructions. If, in their planning or delivery of these instructions the volunteer does something defined as unlawful discrimination, harassment or victimisation, you can be held legally responsible for what they have done.

Slide 13 – Minimising the risk

Put in place an Equality Diversity and Inclusion (EDI) policy and procedure for volunteers to follow

Offer training and ongoing support to ensure volunteers understand how to behave and carry out their tasks keeping within the law. Check out the guidance links for more on this.

Slide 14- Health & Safety

Volunteers are not protected by all the same health and safety legislation as protects employees. However, an organisation has a duty of care to anyone they encounter to ensure they do not cause any unreasonable harm.

As service deliverers, volunteers need to be trained and supported to ensure public safety. It is best practice to put in place a health and safety policy and procedure for volunteers to follow. This will include putting in place risk assessments for activities and venues.

Although there is generally no legal obligation to insure volunteers, the Charity Commission strongly advised that volunteers are covered by the same level of insurance as employees. We have an on-demand trainings available on health and safety and on insurance (see guidance links)

Slide 15 – Data protection

The regulator for all organisations managing data is the Information Commissioners Office (ICO) which produces a wealth of guidance. Most volunteer-involving organisations hold information on their volunteers. This information is likely to be personal data (that identifies an individual) and may also include sensitive data (which is confidential data such an individual’s medical record which must be kept particularly secure). This information is likely to be personal data and may also include sensitive data. Volunteers data is protected and volunteers can view their own records through subject access requests including access to references given by 3^rd parties.

As service deliverers, volunteer must comply with data protection legislation- There is no volunteer exemption and any organisation that asks volunteers to process data must manage the risks adequately.

The NCVO data protection and volunteers guidance in the guidance links explains the legal requirements for handling data (The data protection principles) and the reasons (the lawful basis) you must establish for processing data. Please note that in most cases not for profit organisations managing their own data do not have to register with the ICO

Slide 17- Minimising risk

To minimise risk put in place a data protection policy and procedure for volunteers to follow. Ensure you have in place a privacy statement that can be shown to anyone whose data is being collected. In the guidance links there is a Create your own privacy statement tool. Ask volunteers to complete an information consent form for their own data (see guidance links for a template). Ask volunteers to sign an agreement covering data protection and confidentiality (example shown in guidance links)

Offer training and ongoing support to ensure volunteers understand how to carry out their tasks keeping within the law.

Slide 18 – Copyright

When an employee creates something as part of their contract of employment, whether it is a blog, photo or illustration, the material belongs to the employer. This is NOT the case for volunteers who retain the copyright for whatever they create. This can be challenging when a volunteer decides to withdraw their permission for something the organisation has invested in. For example, a logo or a photograph used in a printed leaflet or on a display board.

A volunteer can be asked to complete a deed of assignment to transfer copyright to the organisation – an example is shown in the guidance links. An alternative is to agree a licence where the volunteer retains ownership but allows use of the material, this is usually in return for a consideration. If a license is agreed legal advice should be sought to avoid complications over whether any payment could contribute to the creation of an employment contract.

Slide 19 – Safeguarding

Charities have a responsibility to keep everyone who is in contact with the organisation safe, including online.

You must minimise the risks of any harm or abuse
Ensure everyone has confidence their concerns will be dealt with appropriately
Ensure everyone at the charity understands their role in ensuring safeguarding

Slide 20 – Child protection

People working with children are expected to report concerns about a child’s welfare to the relevant agencies.

Organisations that work with children and families must have safeguarding policies and procedures in place.

A summary of all key legislation is available from Writing safeguarding policies and procedures | NSPCC Learning

Slide 21 – Adult at risk protection

The Care Act 2014 applies to any person 18 plus who:

Has needs for care and support
Is experiencing, or at risk of, abuse or neglect.
Is unable to protect themselves from the risk or experience of abuse or neglect.

Only those that meet the adult at risk criteria should be referred to adult safeguarding.

Slide 22 – Disclosure and Barring Service (DBS)

The DBS maintains a record of a person’s criminal convictions and cautions and decide who should be barred from working with vulnerable groups and put on the barred list. The DBS maintains 4 different levels of check (these together with more detail on the definitions of regulated activity are explained in the Safeguarding for volunteer managers guidance link).

Before an organisation considers asking a volunteer to assist them in making an application for a DBS check, they are legally responsible for ensuring that they are entitled to submit a check for the role – not all roles are eligible for DBS checks. There is a link to an eligibility tool shown in the guidance links.

DBS checks can only be carried out for successful applicants who are appointed to a role, so when you make an offer to a volunteer you should clearly say that it is subject to a satisfactory DBS check

You should be aware that under the Rehabilitation of Offenders Act 1974 people do not have to disclose spent convictions in an application form unless the role is exempt from the Act.

Slide 23 – Regulated activity

Regulated Activity is a legal phrase used to describe specific circumstances where individuals are working or volunteering with children or vulnerable adults because of help or treatment they are receiving. A definition of regulated activity is show in the guidance links.

Anyone volunteering in regulated activity will be required to have an Enhanced DBS with barred list check. The barred list is a database that contains the details of individuals who have been banned from working with children or vulnerable adults due to past behaviour or offences.

It is illegal to knowingly allow a person on the barred list to work or volunteer in regulated activity.

Anyone who supervises staff or volunteers who carry out Regulated Activities will also need the same level of check.

Slide 24 – DBS further information

Unless an organisation is requesting large numbers of DBS checks they will be required to use an umbrella body to submit their DBS forms. The DBS does not charge for volunteer DBS checks but the umbrella body will charge an administrative fee.
The DBS update service (see guidance links) is a subscription service that is free for volunteers. The update service keeps the certificate up to date adding any new convictions and can be shared with other volunteering organisations if the volunteer wishes to share it. Volunteers must choose to register for the update service themselves within 30 days of their certificate being issued.
DBS checks can only be done for people aged over 16
Any DBS certificate information is confidential. It should be kept securely and only seen by those who need to see it as part of their duties
DBS checks for refugees and asylum seekers require a particular approach involving fingerprinting (see guidance links)
DBS checks are not suitable for people (other than refugees and asylum seekers) who have recently lived outside the UK but it might be possible to obtain a similar check from the country where they were last resident. See guidance link for Getting a criminal record check from outside the UK

Slide 25 A culture of safeguarding

Organisations need to put in place a culture of safeguarding – DBS checks will only show up concerns for people who have been convicted of offences or placed on the barred list and not all roles are eligible for these checks. Therefore, the way your organisation recruits, inducts, trains and supervises volunteers encouraging people to be open and share any concerns is key. For more on a developing a culture of safeguarding see the guidance links below.

Offer training and ongoing support to ensure volunteers understand how to behave and carry out their tasks keeping within the law. See the guidance links below for training you can share with volunteers.

Put in place safeguarding policies and procedures for volunteers to follow. There is safeguarding policy guidance shown in the guidance links which takes you through what a child and an adult safeguarding policy and procedure should cover

Slide 26 To find out more

For more detail on all of the topics covered here check out the guidance links in the recording transcript.

You can also contact our team at for help including help with policies and templates

Info@supportcambridgeshire.org.uk

Guidance links

Employed status links:

Guidance on volunteer strategy (NCVO)

Volunteer policy (CCVS)

NCVO on tribunal decisions relating to volunteers claiming employed status

Volunteer role description template

Volunteer agreement template

Example expenses form

NCVO guidance on volunteer expenses

Who can legally volunteer links:

Volunteering and claiming benefits

Permission to work and volunteer for asylum seekers

Right to work checks

Guidance on asking about criminal history

Young Volunteers Handbook (Community First

Equality Diversity and Inclusion links:

Example equal opportunities form

Equity, diversity and inclusion in volunteering (NCVO)

Health and Safety links:

CCVS on demand H&S training and templates

Volunteering: How to manage risk (HSE)

Volunteering and health and safety (NCVO)

NCVO guide on insurance and volunteers

Volunteer drivers (NCVO)

On demand training on a range of topics including:

Insurance for small charity and voluntary groups

What do trustees have to do?

Data protection links:

NCVO data protection and volunteers guidance

Advice for small organisations (ICO)

Registration self assessment (ICO)

Create your own privacy notice (ICO)

information consent form

Parkinson’s UK data protection and confidentiality agreement

Copyright links:

D eed of assignment example

Safeguarding links:

Safeguarding for volunteer managers (NCVO)

Safeguarding board on-demand training

Safeguarding policy guidance (Support Cambs)

NSPCC resources

Anne Craft Trust

DBS links:

Eligibility tool DBS

A guide to DBS checks (DBS)

DBS eligibility guidance

Find an DBS umbrell a body

DBS checks for refugees and asylum seekers

Getting a criminal record check from outside UK

Where are your next generation of volunteers – June 2024

27 June 2024/by Kathryn Shepherdson

We have compiled a selection of presentations made at the ‘Where are your next generation of volunteers?’ event.

Background

Nationally, volunteer numbers have been falling since 2020, and considerable changes have occurred in how the public wants to volunteer. There has also been a rise in younger people (16 to 25-year-olds) wanting to give back to their communities, contribute to their environment, and make a difference in their neighbourhoods.

With mental health becoming more prominent in younger people, they are realising that volunteering can be a way to feel better about themselves and less isolated.

The issue is that limited volunteer roles are directed at that young audience. While those under 16 face later issues around insurance, those over 18 find expectations and commitments, along with a lack of expenses, a turn-off.

It makes sense for any group to start thinking about how they can adapt and bring down barriers so that younger people can get involved in volunteering.

‘Where are your next generation of volunteers?’ is an event run by Support Cambridgeshire in June as part of the Volunteer Month events aimed at doing just that. It also shows groups in practical ways what they can do to make volunteering for their organisation more appealing to younger people.

The event featured a range of exciting speakers who discussed the barriers young people currently face in volunteering. Representatives from the Student Community Action and National Citizen Service (NCS) also discussed how groups can engage with them. Finally, we ended with Future Creative, a project that engaged young people and learned from that project.

Below are the four presentations from each speaker.

Engaging Young People – Breaking down the barriers

Eva talks through her experiences as a younger volunteer but also what she has seen in her career on what groups should be doing to break down those barriers there currently are for young people to support their communities actively.

Biography- Click Here

Contact: Eva.Woods@peterborough.gov.uk –

Cambridge Student Community Action – Student Volunteering

Nicky, the general manager at SCA, talks through what it is they do, but also how they can be that link with organisations and the learning they have taken from their projects in engaging with more younger people in the city.

Biography – Click Here

Website: http://cambridgesca.org.uk/

National Citizen Service (NCS) – Groups of younger people

Kim, the NCS programme manager at Cambridgeshire County Council, talks about what NCS is and how community groups can dip their toe into working with younger people through this program. Insurance is covered, and the younger people work together on a community project for a chosen organisation.

Biography: Click Here

Contact: Kim.jeffries@cambridgeshire.gov.uk

Future Creative – A tested project

Imogen spoke about the Future Creative programme, which ended recently in Kirklees. Which aimed to engage younger people in volunteering in a way not done before, she talks about what they did differently and what they learnt long the way.

Biography: Click Here

Contact: Imogen@tslkirlees.org.uk

Want to talk to one of us?

If you want to talk to a member of the Support Cambridgeshire team, simply email info@supportcambridgeshire.org.uk, and we will find the right staff member for your enquiry. Remember you can promote all volunteer roles through Volunteer Cambs—and there is now a tag for younger people to search for roles suitable for them!

Funding Application Tips

9 April 2024/by Christine Trevorrow

Slide 1

Hello and welcome to this recording from Support Cambridgeshire, a partnership of Cambridge CVS and Hunts Forum. This is one of several recordings we have developed to support small charities.

To accompany the recording there are guidance links, available at the end of the transcript which will provide you with any materials or links we mention.

Slide 2 What we’ll cover:

The basics you need in place before you apply
Your case for support evidencing the need for what you do
Different types of funding
Identifying the right funders to support your organisation
Planning your budget
Creating a funding plan
Demonstrating value

Slide 3 Are the basics in place?

Most funders will be expecting you to have some basics in place, it is how funders reassure themselves that you as organisation are set up to do a good job managing any funds awarded. The basics will usually include:

Being an eligible organisation for that funder. Having a committee with at least 2 unrelated people and a governing document which outlines how you are run including how many trustee or committee members you need to make decisions and a windup clause to show what would happen to funds in the event of you organisation closing.
A bank account in the name of the group that requires at least 2 unrelated people to sign off on each transaction. Although if the group is new or set up to deliver a single project the funder may agree to your funds being hosted by another voluntary group.
A copy of your latest set of accounts or if the funder will accept applications from new groups you will need to create a budget of projected income and expenditure.
Funders may also ask to see key policies and procedures such as those covering Health & Safety, Safeguarding, equality diversity and inclusion , data protection, financial controls and risk management.

Slide 4 What is your case for support?

Most funders receive far more applications than they can possibly fund so they have to make a choice and this is partly based on how strong a case you make. Can you clearly explain:

What is the need you are set up to address? For example, what barriers prevent beneficiaries from accessing the support or care they need?
Who are you making a difference to and how have you involved them in developing your ideas?
How are you qualified to deliver this work and how will you work alongside other relevant organisations?
What evidence do you have that your approach is the right one? There are links to sources of evidence you might find useful in the guidance links at the end of the transcript accompanying this recording.

Slide 5 What sort of funding are you looking for?

Some funders will fund a wide range of different sorts of expenditure, but others may be very specific, so it is worth being clear what it is you are looking for

Are you looking for:
- Startup costs to give you some seed funding to get started or maybe to fund a pilot project before looking for ways to scale up your ideas.
- Core costs that contribute to the overall running of your organisation?
- Capital costs for a building or to purchase a high value item?
- Project or revenue costs to help you deliver a specific project? Are you looking for costs to help you continue with an existing project or to help you extend a project or develop a completely new project. It is worth being aware that most funders will not fund a project or purchase you have already started so you need to factor in funders decision times in your planning. .

Slide 6 Identifying the right funders

There isn’t just one place to look for funders. A good starting point is The Support Cambridgeshire funding portal which you can find on the Support Cambridgeshire website – you can search funds relevant for groups in Cambridgeshire for free. You can also subscribe to our mailing list and receive regular funding alerts. It is also good to see which funders funds other organisations in your area or similar organisations delivering similar sorts of project elsewhere – information about funders will be in an organisation’s annual accounts – easily available if they are a charity on the Charity Commission website. You are probably aware of other funding directories and free ones include Charity Excellence and Induct Grantway which are nationally rather than locally focussed. We have a spreadsheet of smaller funds called the Invisible Grant Makers which we can access for member organisations. We run a fundraisers network to share information and offer support. We also arrange events to bring funders and those looking for funds together to offer guidance and support.

Slide 7 What do funders require?

Some smaller trusts and foundations may be quite general in what they say they will consider funding. However larger foundations, lotteries and statutory funders will have funding priorities which they will outline in their guidelines. To stand a chance of being successful applicants will need to demonstrate that what they do fits with the funder’s priorities.

Funders may also specify the type of funding they will offer. For example, they may only fund capital costs or project costs for new beneficiary groups.

They may have other eligibility criteria such as specific locations or they may specify specific groups of beneficiaries.

Many of the larger funders for larger grant pots have put in place a 2 stage application process. At the first stage they are looking to check your project meets their criteria and for some funders that can be achieved by submitting something other than a form such as a simple video. If a funder decides your project is something they might realistically fund they may then invite you to develop stage 2 of your application which is more detailed and may even involve a presentation.

If you are requesting a smaller sum you will usually just go through a one stage application process.

Slide 8 Planning your budget?

Read the funder guidelines carefully to clarify what will they fund. For example will they allow you to apply for Full Cost Recovery (FCR) This means getting funding for the total costs of running your project including overhead costs such as staff costs, heating and rent. There is a link to more guidance on FCR in the guidance links.
Will the grant give you all the money your need? If not can you explain how you can realistically secure the balance needed within the timescales permitted. Funders usually specify a timescale for spending funds and most will not fund retrospectively, by which I mean for activities that have already taken place or items already purchased.
Think about whether your budget is realistic? Funders know what things cost and putting in the lowest possible cost may lead to concerns about your ability to deliver. Conversely putting in high costs that don’t reflect value for money may count against you.
Funders are also likely to ask you about how you will sustain your project or activities when their support comes to an end. It may be that their funding will build your capacity to raise funds in other ways or that you intend to apply for further grants so that the gains made are not lost.
Finally, make sure you budget adds up correctly – this is a common mistake and one that will make a funder question your ability to manage their funds effectively.

Slide 9 Creating a plan

Grant funding is one way you can seek to raise funds and you probably also raise money in other ways such as through donations or running fundraising events. It can be helpful to incorporate grant applications into a wider plan reflecting timescales and resources you’ll need to allocate. Funders operate to different time scales, with different deadlines and lead times. Having identified which funders you want to apply to you need to factor all of these differences in.

We’ve shown here an extract from a simple fundraising plan which would help you map out your approach to raising funds. You can see that it takes into account how long funders take to make decisions and the resources and costs involved. You can also add in key operational dates for your organisation for example when you might be especially busy or when cashflow might be a particular concern.

Slide 10 How to show the value of what you do?

Most funders will require you to monitor and evaluate your project to collect information to demonstrate the difference your project or activities make to your beneficiaries. For example, if your project is set up to reduce loneliness how can you reflect this – funders will often specify the sorts of proofs they require. Some will expect you to put in place a way of measuring the difference made, they may want to know numbers attending events or they may want to read case studies sharing the impact. It is common for funders to ask you at the application stage to explain how you will evaluate your project. Usually, the more money you ask for the greater the level of monitoring and evaluation required. There are links in the guidance to offer more information on monitoring and evaluation.

Slide 11 To sum up

Get the basics in place and develop a plan around fundraising. Create a case for support which includes sharing evidence of need. Do your research and make sure you know what funders are looking for and whether they are a good fit for you. Think about how you will demonstrate the difference your work makes to the people you are set up to help. Look for ways to convey your vision be positive and persuasive and use your stories. Be resilient there is a lot of competition for grants and you are very unlikely to be successful every time but ask for feedback where available on any failed bids and take the opportunity to learn and develop your skills. Look for guidance and support, Support Cambridgeshire can help we have lots of resources and networks you can tap into so get in touch.

Slide 12 To find out more and for further help and guidance please contact us at info@supportcambridgeshire.org.uk

Guidance links:

For evidence of need look at:

To find funders check out:

For National lottery guidance on Full Cost Recovery

For Tools to help you gather and use evidence and learning

Is there anything wrong with this page?

Safeguarding Policy and Procedures

Safeguarding Policy and Procedures

Health and Safety

CCVS guide to Writing a Health and Safety Policy

Guidance links

CCVS Guide to Risk Assessment Made Simple

CCVS Guide to Running a Safe Event

Data Protection

Data Protection Part 1: What You Need To Know

Data Protection Part 2: What You Need To Do

Data Protection Part 3: Writing a Privacy Notice

Fundraising basics for small voluntary groups and charities

Fundraising basics for small voluntary groups and charities

Cybersecurity for Small Charities

Introduction to Engaging with Businesses: Five Things I Wish I Knew

Legal issues around managing volunteers in England and Wales

Guidance links

Where are your next generation of volunteers – June 2024

Engaging Young People – Breaking down the barriers

Cambridge Student Community Action – Student Volunteering

National Citizen Service (NCS) – Groups of younger people

Future Creative – A tested project

Funding Application Tips

Help us improve our website

Our partnership

Get in touch

Our supporters