Latest insights from our experts

Posted 23 February 2017

Data Protection Update

You may recall that we addressed the importance of Data Protection in our article ‘Could your charity face an ICO fine?’ earlier this month. Today, we revisit the issue, as new guidance has been published by the Fundraising Regulator to help charities ensure their use of personal data and direct marketing activities are carried out lawfully and without risking the charity’s reputation.

The guidance, Personal Information and Fundraising: Consent, Purpose and Transparency states that legal requirements and compliance “are only part of the answer.” It reiterates the importance of fundraising with integrity and respect as well as the need for donors to have control over charities’ engagement with them.

The guidance, which is intended to be a guide on best practice rather than a set of legal requirements or regulatory standards, focuses on helping charities and fundraisers:

– better understand their responsibilities in relation to data protection, donor consent and legitimate interests;
– reflect on their current practices; and                                                                                          –    – feel confident in developing a direct marketing approach that takes full account of the rights and wishes of the individual.

The Fundraising Regulator has indicated that a consultation on integrating key parts of the guidance into the Code of Fundraising Practice could take place as early as this summer. Although it is unclear what the Regulator proposes to include in the Code, charities must be prepared for change – especially in light of the key recommendation that charities move to ‘opt in’ methods of obtaining donor consent as the ‘clearest, safest, most future –proof way of collecting and demonstrating consent .”

The guidance also highlights forthcoming legislative changes. The General Data Protection Regulation (GDPR), which is due to apply in the UK from 25 May 2018, will require any business (including charities) in the EU – no matter the size – to collect, store and use personal information more securely and comply with a much tougher regime when it comes to how they use personal data. The guidance uses a simple colour coding system to highlight any references to the new and existing regulations.

The GDPR may not be implemented for over a year but charities are reminded that by failing to prepare, they are preparing to fail. The GDPR will bring with it very hefty fines for those who fail to comply. The Payment Card Industry Security Standards Council estimate that fines levied in the first year could reach £122 billion in the UK alone.

It is vital that all charities – large and small – now review their data protection systems and processes. They should also consider their marketing and communication strategies with donors, in the light of the new guidance. By undertaking a review of processes sooner rather than later, charities will not only meet good practice standards, but also be ready to protect themselves against reputational damage and the risk of being fined under the GDPR.

For further information and advice, please contact our specialist charities team on: 01392 207020 or by email:

Want to know more?

Request a call back or ask us a question using our quick-contact form.
Alternatively you can call us on 01392 207020.

About the author