L14.0 Data Protection L14.0 Data Protection
<<back to Legal Appendices sections
Note: MUST* and MUST NOT* (with asterisk) denotes legal requirement
MUST and MUST NOT (without asterisk) denotes requirement of the Code of Fundraising Practice
Data Protection is a legal requirement for all fundraising organisations and impacts on all data processing activities including:
- how data is collected
- what purpose it is collected for
- how data is used
- legal bases for processing data
- how data is stored and for how long
- how personal information is kept up to date
- how data is amended or deleted
The Information Commissioner’s Office (ICO) provides further information and guidance on data protection
Organisations need to adhere with the requirements of:
- General Data Protection Regulation 2018
- Data Protection Act 2018 (this Act supersedes the previous Data Protection Act 1998)
- Privacy and Electronic Communications (EC Directive) Regulations 2003
The Code of Fundraising Practice provides a summary of this complex and changing area of law and should not be used to replace professional legal advice.
- Section 5: Personal information and Fundraising includes further information on requirements relating to data protection.
- Please see also the Fundraising Regulator’s Guidance on Data Protection.