Data protection

For fundraisers

The Code of Fundraising Practice requires you to respect the public in how you how you process their personal data. Processing data means doing something with it, including collecting, storing and using it.

Personal data is any information relating to a living individual who can be directly or indirectly identified from it. This could include keeping records, or using data for direct marketing.

Fundraisers must ensure that they have an appropriate legal basis to use personal data, including when they contact supporters. There are six legal bases for processing personal data For more information on these, please see guidance from the Information Commissioners Office.

For further information on your responsibilities regarding data processing, see code section 3. Information about fundraising communications can be found in section 9.

The ICO has put together guidance to help organisations comply with GDPR.

You can also find information and guidance on data protection on our introduction to GDPR page, including bitesize guides we have produced with the Chartered Institute of Fundraising.

For the public

Under GDPR, you have many legal rights over the way your personal data is used. You can find out more about these rights and how they relate to you on the ICO’s guidance pages.

You can ask an organisation to stop processing your data for certain purposes. The European Commission has produced guidance on when you can do this.

Charity communications should provide you with information on how to stop receiving them. If you wish to stop hearing from certain charities, you can contact them directly or use the Fundraising Preference Service.