If your program handles personal data of any person located in the European Union, the EU General Data Protection Regulation (GDPR) applies—regardless of where your organisation is based. We strongly recommend familiarising yourself with the regulation using plain-language guides and, where appropriate, seeking legal advice.
This guide highlights Good Grants features that can help you support GDPR and general data-protection compliance. It is not legal advice and is not an exhaustive guide to GDPR obligations.
Data protection preparation checklist
Review and configure the following features to support compliance:
- Agreement to privacy policy
- Consent to receive notifications and broadcasts
- Subscription preferences
- Cookie notice and consent
- Fields containing personal data
- User permanent deletion
- Data Processing Agreement (DPA)
Each item is explained in more detail below.
Agreement to privacy policy
You can require users to explicitly agree to the Good Grants privacy policy, cookie policy, and terms of service.
- In the Manage workspace, go to Settings > Users > Registration
- Tick Display checkbox requiring agreement to terms
- (Optional) Select Modify default text or update linked policies
- Click Save
Results:
- New users must agree during registration
- Existing users are prompted on next login
- Each agreement is timestamped and stored on the user record
Consent to receive notifications and broadcasts
You can collect explicit consent for program communications.
- In the Manage workspace, go to Settings > Users > Registration
- Tick Display checkbox for optional consent to receive notifications and broadcasts
- (Optional) Modify the default text
- Click Save
Results:
- Users can opt in during registration or on next login
- Consent is timestamped and recorded on the user record
Subscription preferences
All Good Grants emails include an unsubscribe link that takes users to their preference centre.
After logging in, users can reach their preferences as follows:
- Click their name (top-right)
- Choose Profile
- Open the 'Preferences' tab
From here, users can manage broadcast and notification subscriptions.
Learn more in 'Do I need broadcasts and notifications? Are they important?'
Cookie notice and consent
You can require explicit consent for cookies.
- In the Manage workspace, go to Settings > Users > Registration
- Under 'Cookies', tick Request explicit consent to cookies from users
- Click Save
Optionally, customise the cookie text.
- In the Manage workspace, go to Content > Content blocks
- Edit the Cookie notice content block
Results:
- Users who have not yet given consent see a cookie banner
- Consent is timestamped and stored
- Users can update consent at any time via the 'Preferences' tab in their profile
Fields containing personal data
Review all application and user fields to identify personal or sensitive data. Each field can be marked with a Data protection level:
- Standard
- Elevated (personal data)
- Maximum (sensitive personal data)
Setting the appropriate level enables additional safeguards. Configure this when editing each field.
Learn more in Data protection on fields explained.
User permanent deletion
Under GDPR’s right to erasure, users may request permanent deletion of their personal data.
- Users cannot permanently delete themselves
- Program managers (with appropriate permissions) can delete users on their behalf
Permanent deletion removes personal data in line with regulatory requirements.
Learn more in Permanent deletion of users.
Data Processing Agreement with Good Grants
Under GDPR, your organisation acts as the data controller, and Good Grants acts as the data processor.
A Data Processing Agreement is required under Article 28. The Good Grants DPA is already incorporated into the standard agreement (Clause 2(14)), so no separate document or signature is required.
Good to know
- GDPR may apply even if your organisation is outside the EU.
- Other data-protection laws (e.g. local or sector-specific) may also apply.
- This guide focuses on platform features, not legal interpretation.
- Always consult legal or compliance advisors for definitive guidance.