The rights people have over their data
The United Kingdom General Data Protection Regulation (UKGDPR), part of the Data Protection Act 2018, gives people legal rights over their personal data.
The United Kingdom General Data Protection Regulation (UKGDPR), part of the Data Protection Act 2018, gives people the following legal rights over their personal data.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Special category data
Certain types of data need stronger protection. This includes information relating to:
- Race or ethnic background;
- Political opinions;
- Religious or philosophical beliefs;
- Trade-union membership;
- Genetics;
- Biometrics (e.g. a fingerprint or facial scan used to identify a person);
- Health;
- Sex life; or
- Sexual orientation (sexuality).
The Information Commissioner’s Office (ICO) is the lead regulator on data protection in the UK and so can provide the most up-to-date information on the issue. They offer extensive guidance on a range of topics of relevance to fundraising, including:
- Right to object (people’s right to object to you processing their personal data)
- Purpose limitation (keeping to limits on the purposes for which you are allowed to process personal data)
- Direct Marketing
- Electronic mail marketing (when the PECR does not apply)
- Lawfulness for processing (processing personal data in line with the law)
- Processing special category data
- Right to be informed (guidance on privacy notices)
- Legitimate interests (using this as a lawful basis to process data)
- Consent (using this as a lawful basis to process data)
If you process personal data, you may be required to pay the ICO data protection fee.