​Charities and Data Protection - Are you keeping up?

​Charities and Data Protection - Are you keeping up?

The profile of charities has been hit recently over their use of data about supporters and donors. The fundraising activities and reputation of some charities hit an all-time low following the suicide in Bristol of Mrs Cooke who was believed to be Britain's longest serving poppy seller. Mrs Cooke had been pestered and harassed by so many charities causing her severe depression.

In the aftermath of this case national charities have had to urgently review their behaviour and fundraising activities especially looking at how they use and share data. There has recently also been a series of fines levied by the Information Commissioners Office on national charities that breached the Data Protection Act 1998 by misusing donor's personal data. Household names including the RSPCA, British Heart Foundation and Cancer Research UK were fined. The RSPCA and British Heart Foundation had imposed on them a combined fine of £43,000 by the Information Commissioner and decided not to challenge this those fines being for passing on the personal data of hundreds of thousands of donors to wealth management companies and to other charities. Strong objections were raised to the fines but whether or not they were disproportionate as the charities suggested it is clear that all charities are now much more closely being watched to ensure that they behave properly in relation to the data that they hold and use.

It has therefore never been more important for charities to review their activities and the way in which they collect, store and use data to ensure that they comply with data protection law. To make the situation even more complicated this law is about to go through a fundamental and radical change with the General Data Protection Regulation (GDPR) coming into operation on 25th May 2018. Charities are not exempt from complying with data protection law – quite the reverse as they not only need to ensure that they are not subjected to fines and punishment for non-compliance but also they need to ensure they can recover the faith and confidence that supporters and potential donors have. The new regulations will give more protection to individuals where explicit consent for data to be collected will need to be given and organisations will need to be clear as to their intended use of the information.

To provide further protection to individuals there is now a charities fundraising preference service. People can opt out of charity fundraising communications and again charities need to be very careful to ensure that they not only comply with this provision to avoid fines but also to make sure that they can show supporters that they value this and do not tarnish the reputation of charities even further. All charities therefore need to review urgently how the GDPR will affect them by carrying out a review of the use of personal data in their marketing and fundraising. If email marketing campaigns are to be carried out by a charity they will need to be able to demonstrate that people have opted in to receive the information and records need to be kept of how the "opt-in" was made. Therefore at a time when the financial landscape for charities remains very difficult they have further rules surrounding data and contacting supporters intended to improve the sadly tarnished reputation of some charities which in turn can damage the reputation of all charities.

Commentary by Neale Grearson, Head of Clapham & Collinge Charity Department.

We offer a full range of legal services to our clients from the Charity sector, please see our dedicated webpage on our legal services for Charities for more information. Contact us today on 01603 693500 or email us using the 'Make an enquiry' form. Appointments available at our Norwich, North Walsham, and Sheringham offices.