Skip to main content

Data protection

Many charities use individuals' personal data to better target their fundraising communications and maintain supporter records.

The General Data Protection Regulation (enacted in the UK as the Data Protection Act 2018) came into effect in May 2018. This introduces new legal requirements for all organisations that process individuals' personal data. It also gives individuals more control over their own personal data.
Fr comms white@1x

I want to go straight to the code and read what it says about data protection

Read the code

I want to go straight to the code and read what it says about data protection

I have a concern about a data protection issue

Make a complaint

I have a concern about a data protection issue

For fundraisers

The Code of Fundraising Practice requires you to respect the public in how you how you process their personal data. Processing data means doing something with it, including collecting, storing and using it.

Personal data is any information relating to a living individual who can be directly or indirectly identified from it. This could include keeping records, or using data for direct marketing.

Fundraisers must ensure that they have an appropriate legal basis to use personal data, including when they contact supporters. There are six legal bases for processing personal data For more information on these, please see the ICO’s guidance.

For further information on your responsibilities regarding data processing, see Code Section 5. Information about the fundraising communications can be found in Section 6.

The ICO has put together guidance to help organisations comply with GDPR. You can also find information about GDPR and fundraising on the IoF’s website.

For the public

Under GDPR, you have many legal rights over the way your personal data is used. You can find out more about these rights and how they relate to you on the ICO’s guidance pages.

You can ask an organisation to stop processing your data for certain purposes. The European Commission has produced guidance on when you can do this.

Charity communications should provide you with information on how to stop receiving them. If you wish to stop hearing from certain charities, you can contact them directly or use the Fundraising Preference Service.

Data protection resources

News

Code of Fundraising Practice updated in line with GDPR

Updates have been made to the Code of Fundraising Practice to incorporate the General Data Protection Regulation, and took effect on 25th May.
Read more
Guidance

GDPR briefing: introduction

The Fundraising Regulator has worked with the Institute of Fundraising to produce 6 briefings on GDPR. These “bitesize” guides are designed to be as accessible and as relevant as possible for fundraisers. This briefing paper focuses on a general introduction to GDPR.
Read more
Guidance

Data protection library: General Data Protection Regulation (GDPR) guidance and information

Find out what GDPR is about.
Read more

Related investigations