Latest insights from our experts
Could your charity face an ICO fine?
The Information Commissioner’s Office (ICO) has announced its intention to issue fines to a number of charities for breaching data protection rules. Although yours is not likely to be one of them, there are serious issues here for all charities. Some have simply been too cavalier in their approach to these rules, and the ICO clearly means business.
Last year the RSPCA and the British Heart Foundation were fined £25,000 and £18,000 respectively for failing to handle donors’ personal information in accordance with the Data Protection Act, including trading personal details with other charities and hiring “wealth management” companies to investigate their donors.
But it is not just about fund-raising. We know of one charity that in preparing for a trip sent everyone on it each other’s passport and national insurance details! As you process individuals’ data, you must comply with the Act. A breach could lead to criminal prosecution and fines, as well as damaging your charity’s reputation and risking potential personal liability for your trustees for breaching their statutory duties of care and responsibility.
The ICO’s recent stance should be a wake-up call for all charities to review their data compliance procedures and fundraising practices to ensure they are Data Protection Act compliant.
You should also get ready now for the General Data Protection Regulation 2018 which will impose a significantly tougher regime (e.g. consent to use supporter data). You should be getting expert help on this if not already doing so.
Despite Brexit, it seems the UK will enact similar regulations, so you will need to introduce new compliance procedures and processes to meet the new rules. A ‘head in the sand’ approach is not advisable – especially as the new rules are likely to lead to a greater focus on compliance and potentially much higher penalties if you get it wrong!
Please contact one of our charity law specialists Richard King or James Evans at:
Broadwalk House, Southernhay West, Exeter EX1 1UA
Call: 01392 207020 or email: email@example.com