We imagine that everyone must have, by now, heard about GDPR. It has been a very hot topic at fundraising conferences and in sector press for the past couple of years, and you have also probably started to receive emails from various service providers updating their terms and conditions, requesting your consent to ‘keep in touch’ or telling you about their revised privacy policies in anticipation of GDPR coming into force on 25 May 2018.
There is no shortage of information out there about GDPR, but the proliferation of articles, guidance and news updates can be rather overwhelming for many charity trustees, especially those of you who run relatively small, local charities. To help you navigate the abundance of information, below is our ‘round up’ of good guidance on GDPR specifically aimed at charities. We hope that you find this useful.
- The ICO has produced a dedicated resource page for charities on its website, and there is also an ICO helpline for charities: to access the new service, dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support.
- The ICO has also published a list of FAQs for charities. Issues covered include: what small charities have to do to ensure GDPR compliance, how to ascertain whether the consents charities already have for marketing and fundraising under the Data Protection Act 1998 remain suitable under the GDPR, and when a charity will need to appoint a data protection officer.
- The Fundraising Regulator and Institute of Fundraising have produced 6 briefings on GDPR designed to be as accessible and as relevant as possible for fundraisers. These are endorsed by the ICO and relate specifically to compliance with GDPR in the context of fundraising by charities. The ‘bitesize’ briefings look at the practical application of GDPR to real-life scenarios, considering different fundraising methods and identifying ways in which personal data is likely to be used in each case.
- The Charity Finance Group has produced a Guide to GDPR for charities, which is endorsed by the Charity Commission and focuses on governance, financial data, beneficiary data, and employee data.
- The ICO has produced a self-assessment toolkit with small organisations in mind. It is intended to assist you to assess your compliance with data protection law and find out what you need to do to make sure you are keeping people’s personal data secure.
- The IoF has published a guide entitled Connecting people to causes: a practical guide to fundraising research, which is designed to help fundraisers understand the lawful bases for processing data, and ensure that fundraisers treat people fairly and lawfully when they conduct major donor fundraising and prospect research work.