Data protection library: General Data Protection Regulation (GDPR) guidance and information


  • We've worked closely with the Chartered Institute of Fundraising (CIoF) to produce a two page ‘bite-sized’ guidance briefing on what GDPR is.
  • ‘GDPR at a glance’ is a detailed infographic covering basic need-to-know information, produced by the CIoF and the Small Charities Coalition.
  • The ICO has a short guide to understanding who and what information GDPR applies to.
  • The ICO has produced guidance and tools to help smaller organisations.
  • The ICO have also launched a dedicated GDPR helpline for smaller charities (see “Other regulatory support” below for more details).

The following resources provide more information on the legal detail of GDPR and how it will affect UK law:

  • The GDPR legislation is published on the European Union website.
  • The Homepage of EU GDPR is the starting point for information about this legislation, and includes FAQs, key changes and a GDPR timeline.
  • The ICO have created an ‘Overview of GDPR’ with basic information, key themes and details of how GDPR differs from the Data Protection Act 1998 (DPA).
  • The Data Protection Bill entered parliament in September 2017. It will incorporate GDPR and has been designed to modernise existing UK data protection laws. The ICO have published an Overview on their website.
  • The homepage for the Data Protection Act 2018, which enacts GDPR in UK law.

Understand what the GDPR means for charities and fundraising

  • We've worked closely with the CIoF to produce ‘bite-sized’ guidance briefings aimed at smaller organisations covering the implications of GDPR on legacy, charitable trust, community and corporate fundraising.
  •  The NCVO has produced a 45 minute webinar to explain what GDPR means for your charity.
  • The Information Commissioner’s 25 minute speech at the ICO/Charity Commission/ Fundraising Regulator GDPR event in February 2016 sets out expectations for charities’ use of personal data.
  • The ICO has produced a general action plan for organisations to prepare for GDPR.
  • The NCVO has developed a 12 step Action Plan for voluntary organisations on how to prepare for GDPR and data protection reform.
  • The CIoF has created a detailed 10 Step Action Plan to GDPR compliance and a checklist for charity fundraising.
  • The ICO has produced GDPR guidance on when to rely on consent for processing and when to look at alternatives.
  • The Data Protection Network has produced guidance for organisations seeking to use the legitimate interest condition as a lawful basis for using personal data (please note that access requires sign up).
  • The CIoF has also produced guidance on GDPR essentials for fundraising organisations.
  • The ICO has produced a conference presentation and a conference paper focusing on considerations for charities re-using publicly available data, wealth screening, data matching and teleappending.
  • The ICO has a Privacy Notice Code of Practice providing guidance on when and how to tell individuals how their data will be used. This includes a section on additional considerations under GDPR.

Putting GDPR into practice: Tools and templates

Assess your data practices to see if they are GDPR compliant

Write a Privacy notice telling individuals how you will use their data

  • The ICO has a checklist of what needs to be included in a privacy notice to individuals telling them how you will use their data. This is particularly relevant for charities relying on legitimate interest to process personal data.

Other regulatory support

The ICO:

We have an enquiries service for queries related to good fundraising practice, including the use of personal data (0300 999 3407 or )

The CIoF and the NCVO provide training on data protection and becoming GDPR ready.