Data protection law changes in May, when the new GDPR comes into force.
The new law comes into effect on 25 May.
The law generally tightens up the previous data protection rules. For example, organisations need to be clearer about what use they are making of people's data, and what legal powers they have. People have more rights to know what data you hold about them, and what you are doing with it. Fines can be imposed on organisations that break the rules.
The regulator for data protection is the Information Commissioner's Office. They have produced new guidance for charities including a twelve point checklist, and a dedicated advice line for small organisations is also available.
Help is also available from the Small Charities Coalition, who have produced a GDPR toolkit - they say that it includes the new policies you may need, and training videos for staff.