Charities Seminar – Update on Data Protection (GDPR)

Article date: 31 March 2017
Primary interest: Voluntary sector

Yesterday, I attended the Charities Seminar in Green Park, hosted by local firm, Blandy & Blandy. This article provides an update on the upcoming changes to Data Protection regulations.

The forthcoming GDPR and Fundraising Preference Service

Data Protection is often considered to be a dry and onerous area, but with the new regulations coming soon, all charities and community groups need to consider it and update their procedures and consent forms as necessary. Trustees have a duty of care to ensure that the charity is compliant with the law. In practice they don’t need to micromanage the process, but they do need to be aware of the requirements. If you are unsure about how this update applies to your charity or group, please contact RVA for free one-to-one advice.

  • GDPR (General Data Protection Regulation) comes into force in the UK from 25 May 2018 and builds on the Data Protection Act (DPA). This will mean more stringent requirements on organisations processing personal data. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
  • What does processing personal data mean? Simply put, this is collecting and using an individual’s personal data (i.e. data by which they can be identified).
  • This update refers to processing for the purposes of “Direct Marketing”, defined by the Fundraising Regulator as “a form of advertising and communication which allows organisations to contact individuals directly through a variety of media including (but not limited to) letters, emails, texts and phone calls.” This is a wide definition; in practice it will include email addresses of supporters or donors if you are fundraising, and may even extend to volunteers or service users when advertising or promoting your organisation or its opportunities.
  • The GDPR will set a high standard for consent. In practice this will mean:
    • What stays the same:
      • Consent must be freely given, specific, informed, and there must be an indication signifying agreement.
    • What’s new:
      • Consent must be unambiguous and involve a clear affirmative action.
      • You will need clear and more granular opt-in methods (not just one check box) explaining exactly what the individual is consenting to, with different check boxes for different activities, i.e. fundraising, volunteering, petitions, and sharing data with partner organisations (who they are and for what purpose).
      • Provide the information in different ways, i.e. orally, face to face or over the phone, in writing, signage in public areas, electronically. This will of course depend on what you are seeking consent for and will mainly refer to fundraising activities, to ensure transparency.
      • Consent should never be in the small-print or terms and conditions, but clearly set out.
      • There will be a shift towards an ‘opt in’ as opposed to an ‘opt out’ method (opt out is where you say, “if you do not want this newsletter, please uncheck this box”).
      • Keep good records of consent.
      • Keep a suppression list – i.e. individuals who have expressly stated they do not want to receive direct marketing from you.
      • Provide simple, easy-to-access ways for people to withdraw consent. It should be just as easy to withdraw consent as it is to give it.
  • Launch of Fundraising Preference Service (FPS) – Summer 2017
    This new service, to be launched by the newly formed Fundraising Regulator, aims to give the public genuine choice and greater control over the information they receive from different charities. Individuals will be able to specify that they want to stop communications from particular charities. This request will activate a legal right to stop direct marketing under the DPA.

RVA will continue to provide updates as we approach the introduction of GDPR. If you have any questions, or if you are unsure how to apply the new regulations in practice, such as how to ensure your consent forms are up to date and comprehensive enough, please get in touch on advice@rva.org.uk or telephone 0118 9372 273. We can take a look at these for you and provide free advice on how to update them.

Further resources:

ICO overview of GDPR

Fundraising Regulator – Fundraising Preference Service, including FAQs