• Careers
  • Contact Us

Fundraising and Data Protection - What Do Charities Need to Know?

on Wednesday, 26 April 2017.

There has been a continued focus on fundraising over the past few months and we outline several of the relevant updates below.

Fundraising Regulator's Guidance

The Fundraising Regulator (FR) has published its guidance "Personal Information and Fundraising; Consent, Purpose and Transparency."

The FR guidance anticipates the European General Data Protection Regulation (GDPR), which will come into effect in 2018. In the meantime, these guidelines set out a best practice guide on direct marketing to help trustees understand their charity's responsibilities in relation to 'donor consent, data protection and legitimate interests'.

The guidance explains that a basic requirement of data protection transparency is to tell individuals if they are processing personal data, what the data is being processed for, and provide any other information needed for it to be fair to process the data.

As well as meeting transparency requirements, charities must also have a legal basis for using personal data. In the case of direct marketing by most electronic methods, this means having the individual's consent:

  • Communicating with individuals on an opt-in basis as the "clearest, safest and most future-proof way" for charities to ensure they have the consent of donors. Charities which use the 'opt-out' method of gaining consent risk falling short of the standards which will be set out in the GDPR in 2018.
  • Fundraising charities or other organisations should refresh individuals' consent for communications within a 'reasonable timescale'. There is no official clarification on how long this might be but the FR advises to assess how long an individual would consider reasonable from providing consent to being asked to refresh it. Other factors to consider are the charity size, how often an individual is contacted and the form of communication.
  • In certain circumstances (and not direct marketing by electronic means), a charity can use personal information where it is necessary to do so for the charity's legitimate interests. However, charities cannot simply rely on this condition without performing a 'balancing exercise' which takes into consideration the reasonable expectations of individual, the nature of the communication and due protection of the individual's rights and freedoms.
  • The ban on electronic direct marketing without consent works slightly differently for telephone marketing. The ban is triggered only if the number is registered to the Telephone Preference Service (TPS) - although a legitimate interest would still need to be shown to make contact using a number which is not on the TPS. In its guidance, the FR recommends that that charities do not use telephone for direct marketing unless they have consent, whether or not the number is registered to the TPS.

The guidance provides action checklists and a self-assessment toolkit to help trustees implement the guidance.

The ICO has also published separate draft guidance on data protection and consent.


ICO Fines 11 Charities

11 charities have been fined £138,000 in total by the ICO for misusing donors' personal data.

In January the ICO issued notices of intent to fine 11 charities. The organisations involved then had 28 days from receiving the notices to make representations to the independent regulator.

Fines have now been issued which range from £6,000 to £18,000. The issues of concern to the ICO in the different cases included issues of transparency and consent relating to sharing personal data with other charities, using personal data to estimate donors' wealth (wealth screening) and using what personal data they had about individuals to discover missing information (data matching).

The Charity Commission has opened compliance cases into the 11 charities who have been fined.

The ICO has set out its position on wealth screening and data matching in a conference paper


Code of Fundraising Practice Consultation

The FR has opened a consultation on the Code of Fundraising Practice, seeking sector-wide feedback on suggested changes.

These are the first proposed changes the new regulator has put forward. The FR is seeking views on a wide variety of areas, including charity trustees, whistleblowing, people in vulnerable circumstances and disclosure statements.

Proposed changes include a stricter requirement for solicitation statements to be given to potential donors, and for clear reporting procedures for any fundraising concerns that staff or volunteers may have. Another area under review is the 'three asks' rule, the number of times a fundraiser can ask for a contribution in one interaction, which could apply only to financial donations and not requests for support or time.

The consultation closed on 28 April 2017.


Update on Scope of the Fundraising Preference Service

Plans for the Fundraising Preference Service (FPS) have been slowly refined over the past few months.

We previously reported on FPS. The Fundraising Regulator has now confirmed that the FPS will apply to direct marketing communications, rather than to 'all communications'. Communications such as confirming direct debit details, acknowledging gifts (if necessary and not promotional), and communications necessary to comply with gift aid rules will not fall under the FPS's remit.

The system is expected to be live by the summer of 2017.


For further information, please contact Andrew Wherrett in our Charity Law team on 0117 314 5269.

Leave a comment

You are commenting as guest.