General Data Protection Regulation

Institute Of Fundraising Launch New GDPR Guide

Today has seen the Institute Of Fundraising launch their new guide for all organisations in the third sector who will be affected by the new European Union General Data Protection Regulations. The new guide has been written in conjunction with the law firm Bircham Dyson Bell and will give charities and other organisations in the third sector an important resource to help them understand and engage with the forthcoming changes to data protection laws across the European Union.

The new General Data Protection Regulations will be implemented across Europe on May 25 2018 and as well as the guide, the Institute of Fundraising will also be running a series of training courses across the UK this summer on GDPR compliance entitled “Be GDPR Ready”.

What Does The Guide Cover?

The guide has been written to answer many of the key questions that charities and other third sector organisations have been asking about the director General Data Protection Regulations. These will include issues such as:

  • It’s not just a fundraising issue – Whilst the issue of how fundraisers can lawfully contact donors and potential donors has been the main focus of the talk about GDPR and its effect on charities, it’s impact will be much more widespread in charities as it will affect anything that involves processing an individual’s personal data, including staff.
  • Saying “click here to read our privacy policy” is no longer enough. Why you are collecting personal data and how you intend to use will need to be explained and if you are making any of the data available to third parties, then this will have to have explicit consent.
  • Opt-in or opt-out is going to be a tricky balancing act. Implied consent as is popular now is not enough as the GDPR specifically states “silence, pre-ticked boxes or inactivity should not constitute consent”.
  • Access must be provided to users to obtain their personal data. People will be able to make subject access requests at any time. Charities and other third sector will have to have practices and processes in place to ensure that this does not become too time-consuming.
  • Data must be managed properly. People will now have the right to be forgotten, for example, so organisations will need to have procedures and policies to cope with any such requests.
  • Charities and third sector organisations will need to be aware that the Information Commissioner’s Office can and will fine organisations for breaches in data protection. These are much higher than what is in place currently. And charities should make sure that they have the right policies and procedures in place to prevent, detect and report any personal data breaches.

Speaking about the guide, Daniel Fluskey, Head of Policy & Research at the Institute of Fundraising, said:
“We have put this short guide together to help fundraisers answer the really key questions they’ve got about how they can contact their supporters.  We know that all fundraisers and charities want to get this right to be sure that they’re meeting their legal requirements as well as giving their donors a great experience of supporting that cause. GDPR is coming, and with just over a year left to get ready it’s vital that charities are aware of what changes are coming and have policies and processes in place to be ready.”

Add comment