Helping you comply with your responsibilities to information rights in not-for-profit, charitable and voluntary organisations.

Marketing

Our recent webinar offers advice to charities about direct marketing, based on our updated guidance - presented by  Senior Policy Officer Ian Inman and Senior Enforcement Officer Andy Curry.

Direct marketing does not just refer to selling products or services to individuals – it includes the promotional and fundraising activities of charities as well. For example, a charity contacting individuals to appeal for funds or support for a campaign would be covered by the direct marketing rules. Our direct marketing guidance explains what charities and voluntary organisations need to do to comply with electronic marketing regulations and data protection law. Charities must follow the same rules around cold calls that apply to any other organisation. That means checking whether someone is on the Telephone Preference Service (TPS) list before calling them. Where someone is listed on the TPS, charities and fundraising organisations may only call where they have specific permission from the subscriber to do so.

Requests for personal information

Your employees and customers have rights to see their personal information. They can make a subject access request to see the personal information you hold about them.

 

Top five tips

Here are our top five of data protection tips for small and medium sized charities and third sector organisations:

  1. Tell people what you are doing with their data
    People should know what you are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.

  2. Make sure your staff are adequately trained
    New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.

  3. Use strong passwords
    There is no point protecting the personal information you hold with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves.

  4. Encrypt all portable devices
    Make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.

  5. Only keep people’s information for as long as necessary
    Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.

Charity sector toolkit

In response to feedback, a toolkit has been created specifically for organisations in the charity sector – reminding staff to ‘press the mental pause button’ when handling personal data.

Please note: the materials are not ICO materials; we are providing the materials on the website for charities to download as a useful tool to promote privacy matters in their own organisation.

Audits, advisory visits and overview reports

See the latest reports detailing some of the good practice and areas for improvement we have seen in the charity sector.

Further reading