Legal compliance

From Our Toolkit

All voluntary, not-for-profit or charitable organisations must be aware of:

  • the legal frameworks which they must operate within

  • the recommended policies and procedures you should have

If you are a governing body within a larger organisation your parent organisation may support you with this but it is always advisable to check. The National Council for Voluntary Organisations (NCVO) has produced the following information and checklists:

The Equality Act (England, Scotland & Wales) or Disability Discrimination Act 1995 (Northern Ireland)

All organisations need to comply with the Equality Act 2010 (England, Scotland & Wales) or the Disability Discrimination Act 1995 (Northern Ireland) which protects people from discrimination in the workplace and in wider society. The Equality Act (England, Scotland & Wales) brings together a number of previous acts including:

  • Sex Discrimination Act 1975
  • Race Relations Act 1976
  • Disability Discrimination Act 1995

To find out more about the Act in your nation:

Health and safety

While all members of your organisation have a responsibility to maintain the health and safety of the workplace and its associated activities, the governing body is responsible for ensuring that the right mechanisms are in place to make this possible. The Health and Safety Executive summarises what is needed in their Health and safety made simple resources.

Data protection

Since May 2018 the way that we collect and process personal data has been governed by the EU General Data Protection Regulation (GDPR). 

  • To read more about the law itself please see the pages on the website
  • For a short introduction to how GDPR can effect you and your organisation see SHARE Museums East blog post: What on earth is GDPR and how does it effect you?
  • To understand GDPR legislation in more detail and how to implement it in your organisation see this free Museums & Heritage Advisor webinar: GDPR & Cultural Organisations – What you need to know which is led by data protection consultant Naomi Korn and Senior Policy Officer, Policy and Engagement at the Information Commissioner’s Office, Richard Sisson

General advice:

For museums:

For archives:

For charities:

Advice specific for Wales

Copyright and intellectual property rights (IPR)

When managing your heritage and working with others and their work you will need to be aware of your responsibilities under current copyright and intellectual property rights law. You can find advice and support here:


When working with other people and in particular children, young people and vulnerable adults you will need to be confident about your organisation’s position on safeguarding on your site and online.

Leeds Safeguarding Children Partnership has produced guidance on how to write a safeguarding policy.

If you are concerned that someone may have a criminal record you can ask them to apply for the Disclosure and Barring Service (DBS) check.

Disclosure and Barring Service (DBS) – For further information about DBS clearance please see the Safeguarding subject in the Learning topic of this toolkit.


Each governing body will need to ensure that they have the right insurance policies in place in regard to people they have working for them, the activities they are carrying out and the heritage in their care. NCVO outlines how to decide on which insurance policies are right for your situation.

There are numerous companies able to provide organisations with insurance company. Our listings here do not represent any endorsement and we would always recommend that organisations undertrake their own research and policy/price comparisons.

Museum specific suppliers:

Browse the toolkit
Search the toolkit
Toolkit contents

A one-page list of all the sections of the Toolkit.