The Fundraising Regulator has launched a consultation on proposed changes to the Code of Fundraising Practice. The Code sets out the standards expected of all charitable fundraising organisations across the UK.
The key driver behind the consultation is the forthcoming implementation of the General Data Protection Regulation or GDPR, which will come into force on 25th May 2018. The change has been described by the Information Commissioner, Elizabeth Denham, as “the biggest change to data protection law for a generation”.
The revised Code also proposes changes required as a result of:
- Issues identified by the ICO’s investigation of a number of charities for breaches of the Data Protection Act, including wealth screening, data matching and tele-appending and use of publically available data;
- Findings from a National Council of Voluntary Organisations (NCVO) working group in September 2016 into charities’ relationships with donors, including proposed guidelines on use of legitimate interest; and
- Guidance issued by the ICO and the Fundraising Regulator on Direct Marketing.
The main changes to the Code recognise that charity fundraisers must understand and mitigate the risks they create for others when using a person’s data. This obliges fundraisers to:
- ensure they have legitimate grounds for collecting, using and retaining personal data;
- not use personal data in ways that have unjustified adverse effects on the individuals concerned;
- give individuals clear and accessible information about how they will process their personal data, including who the organisation is; what they are going to do with the individual’s personal information; and (where relevant) who it will be shared with.
- only handle personal data in ways that the data subject would reasonably expect; and
- not do anything unlawful with personal data.
There are of course significant commercial benefits to be garnered from ensuring compliance with the Code and data protection regulation. Public confidence in the charity sector has undoubtedly been damaged by recent ICO investigations. A robust compliance regime demonstrates to potential donors that an organisation respects the privacy of the individual. This, in turn, nurtures trust between fundraisers and donors. Over time, this can play a significant role in influencing a donor’s choice of the charities they choose to support.
Responses to the consultation must be submitted by no later than Friday, 8th December 2017.
If your organisation requires help to understand and implement the changes required by the Code and GDPR, then please contact Mark Roberts or Keith Arrowsmith on 0161 826 1266. We’d be more than happy to assist.