The General Data Protection Regulation (enacted in the UK as the Data Protection Act 2018) came into effect in May 2018. This introduces new legal requirements for all organisations that process individuals' personal data. It also gives individuals more control over their own personal data.
I want to go straight to the code and read what it says about data protection
Read the codeI want to go straight to the code and read what it says about data protection
I have a concern about a data protection issue
Make a complaintI have a concern about a data protection issue
The Code of Fundraising Practice requires you to respect the public in how you how you process their personal data. Processing data means doing something with it, including collecting, storing and using it.
Personal data is any information relating to a living individual who can be directly or indirectly identified from it. This could include keeping records, or using data for direct marketing.
Fundraisers must ensure that they have an appropriate legal basis to use personal data, including when they contact supporters. There are six legal bases for processing personal data For more information on these, please see guidance from the Information Commissioners Office.
The ICO has put together guidance to help organisations comply with GDPR.
You can also find information and guidance on GDPR in our data protection library including bitesize guides we have produced with the Institute of Fundraising.
For the public
Under GDPR, you have many legal rights over the way your personal data is used. You can find out more about these rights and how they relate to you on the ICO’s guidance pages.
You can ask an organisation to stop processing your data for certain purposes. The European Commission has produced guidance on when you can do this.
Charity communications should provide you with information on how to stop receiving them. If you wish to stop hearing from certain charities, you can contact them directly or use the Fundraising Preference Service.