• Contact Us

59 Charities Referred to the Information Commissioner's Office

on Thursday, 16 May 2019.

The Fundraising Regulator has referred 59 charities to the Information Commissioner's Office (ICO).

This was for their failure to log into the Fundraising Preference Service (FPS) to collect requests made by members of the public for the charity to cease contacting them. The Fundraising Regulator warned the charities that they may be in breach of data protection law by ignoring these suppression requests.

What Is the FPS?

The FPS is a mechanism through which individuals can exercise their data protection rights against the charities which have registered with the service. This means that not complying with requests made through the FPS may amount to a breach of the General Data Protection Regulation and/or the Privacy and Electronic Communications Regulations. When an individual logs a request with the FPS this automatically sends an email to the charity's nominated contact to ask them to act on the request through the FPS system within 28 days of the request. The time limit for response has since been reduced to 21 days (effective from 1 March).

The 59 charities referred to the ICO had failed to act on these requests, despite repeated attempts by the Fundraising Regulator to contact the charities to ascertain their reasons for ignoring the requests. Warnings had also been sent to the executives at each charity.

What Does This Mean for Charities?

The director of investigations at the ICO, Stephen Eckersley, has commented: "Charities that ignore the Fundraising Preference Service run the real risk of causing distress and offence to people who just don't want to receive their marketing communications. The ICO has written to them to remind them they must act lawfully and responsibly in protecting people's personal data and in how they communicate with them. Our advice for charities is clear: they must not contact people registered on the FPS and, where we see this happening, we will investigate and take enforcement action where necessary."

The Fundraising Regulator has confirmed that some of the requests in question date back to July 2017, when the service was launched. This shows a lack of engagement from the charities in relation to individuals exercising their rights.

We previously let you know that the Fundraising Regulator is now naming all of the charities which it investigates even if there has been no breach of the Fundraising Code of Practice. All 59 charities referred to the ICO have therefore been named.

A Useful Reminder and a Call to Action

These referrals should therefore serve as a useful reminder to charities of their obligation to respect the wishes of individuals when it comes to their personal data. Not doing so can have both legal and reputational consequences now that the Fundraising Regulator is 'naming and shaming' charities.

As such, charities should ensure that there are appropriate processes in place to manage requests that come in through the FPS and to ensure early engagement with the requests. Doing so may give you the best chance of avoiding complaints and the subsequent public shame of being named.

Our data protection team are experienced in advising charities on a range of issues, including in relation to fundraising communications.


For specialist legal advice, please contact Bronwen Jones in our Data Protection team, or complete the form below. 

Get in Touch

First name(*)
Please enter your first name.

Last name(*)
Invalid Input

Email address(*)
Please enter a valid email address

Telephone
Please insert your telephone number.

How would you like us to contact you?

Invalid Input

How can we help you?(*)
Please limit text to alphanumeric and the following special characters: £.%,'"?!£$%^&*()_-=+:;@#`

See our privacy page to find out how we use and protect your data.

Invalid Input