The United Kingdom General Data Protection Regulation (UKGDPR), part of the Data Protection Act 2018, gives people the following legal rights over their personal data.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Special category data
Certain types of data need stronger protection. This includes information relating to:
- Race or ethnic background;
- Political opinions;
- Religious or philosophical beliefs;
- Trade-union membership;
- Genetics;
- Biometrics (e.g. a fingerprint or facial scan used to identify a person);
- Health;
- Sex life; or
- Sexual orientation (sexuality).
The Information Commissioner’s Office (ICO) is the lead regulator on data protection in the UK and so can provide the most up-to-date information on the issue. They offer extensive guidance on a range of topics of relevance to fundraising, including:
- Right to object (people’s right to object to you processing their personal data)
- Purpose limitation (keeping to limits on the purposes for which you are allowed to process personal data)
- Direct Marketing
- Electronic mail marketing (when the PECR does not apply)
- Lawfulness for processing (processing personal data in line with the law)
- Processing special category data
- Right to be informed (guidance on privacy notices)
- Legitimate interests (using this as a lawful basis to process data)
- Consent (using this as a lawful basis to process data)
If you process personal data, you may be required to pay the ICO data protection fee.