While Australia’s privacy principles are stringent, they don’t go as far as the 2018 GDPR regulations in the European Union. There, consent must be freely given, specific, informed and unambiguous. And it must be expressed by a clear affirmative action. All organisations, including charities, need to adhere to GDPR requirements. For charities in Australia, it’s important to consider best practice approaches for data collection, management and use in advance of potentially stricter legislation around the issue of consent and privacy, which is likely to land in Australia in the coming year or two. What are the key things to consider in ensuring that our organisations’ data is collected and managed and how we can further our own data standards to prepare for a new world of privacy restrictions?