Data protection

Many charities use individuals' personal data to better target their fundraising communications and maintain supporter records.

The General Data Protection Regulation (enacted in the UK as the Data Protection Act 2018) came into effect in May 2018. This introduces new legal requirements for all organisations that process individuals' personal data. It also gives individuals more control over their own personal data.

I want to go straight to the code and read what it says about data protection

Read the code

I want to go straight to the code and read what it says about data protection

I have a concern about a data protection issue

Make a complaint

I have a concern about a data protection issue

For fundraisers

The Code of Fundraising Practice requires you to respect the public in how you how you process their personal data. Processing data means doing something with it, including collecting, storing and using it.

Personal data is any information relating to a living individual who can be directly or indirectly identified from it. This could include keeping records, or using data for direct marketing.

Fundraisers must ensure that they have an appropriate legal basis to use personal data, including when they contact supporters. There are six legal bases for processing personal data For more information on these, please see guidance from the Information Commissioners Office.

For further information on your responsibilities regarding data processing, see code section 3. Information about fundraising communications can be found in section 9.

The ICO has put together guidance to help organisations comply with GDPR.

You can also find information and guidance on data protection on our introduction to GDPR page, including bitesize guides we have produced with the Chartered Institute of Fundraising.

For the public

Under GDPR, you have many legal rights over the way your personal data is used. You can find out more about these rights and how they relate to you on the ICO’s guidance pages.

You can ask an organisation to stop processing your data for certain purposes. The European Commission has produced guidance on when you can do this.

Charity communications should provide you with information on how to stop receiving them. If you wish to stop hearing from certain charities, you can contact them directly or use the Fundraising Preference Service.

Data protection resources


Code of Fundraising Practice updated in line with GDPR

Updates have been made to the Code of Fundraising Practice to incorporate the General Data Protection Regulation, and took effect on 25th May.
Read more

GDPR briefing: Introduction (1)

The Fundraising Regulator and Chartered Institute of Fundraising (CIoF) produced six data protection briefings in February 2018 in advance of the General Data Protection Regulation (GDPR) becoming eff...
Read more