Helping you comply with your responsibilities to information rights in not-for-profit, charitable and voluntary organisations.
Fundraising and Regulatory Compliance Conference
The Fundraising and Regulatory Compliance Conference is aimed at helping charities and other fundraising groups comply with the law and will be held at Manchester Town Hall on Tuesday 21 February and live streamed here from 10am.
Jointly organised by the ICO, Charity Commission and Fundraising Regulator, the conference will set out the regulatory requirements and expectations for fundraising bodies and their boards under current and forthcoming data protection legislation.
The agenda for the conference can be viewed online, and a video recording of the conference and other related resources will be made available after the event.
You can read more about the conference in our press release.
Our recent webinar offers advice to charities about direct marketing, based on our updated guidance - presented by Senior Policy Officer Ian Inman and Senior Enforcement Officer Andy Curry.
Direct marketing does not just refer to selling products or services to individuals – it includes the promotional and fundraising activities of charities as well. For example, a charity contacting individuals to appeal for funds or support for a campaign would be covered by the direct marketing rules. Our direct marketing guidance explains what charities and voluntary organisations need to do to comply with electronic marketing regulations and data protection law.
Charities must follow the same rules around cold calls that apply to any other organisation. That means checking whether someone is on the Telephone Preference Service (TPS) list before calling them. Where someone is listed on the TPS, charities and fundraising organisations may only call where they have specific permission from the subscriber to do so.
Requests for personal information
Your employees and customers have rights to see their personal information. They can make a subject access request to see the personal information you hold about them.
Top five tips
Here are our top five data protection tips for small and medium-sized charities and third sector organisations:
- Tell people what you are doing with their data
People should know what you are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.
- Make sure your staff are adequately trained
New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.
- Use strong passwords
There is no point protecting the personal information you hold with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves.
- Encrypt all portable devices
Make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.
- Only keep people’s information for as long as necessary
Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.
Charity sector toolkit
In response to feedback, a toolkit has been created specifically for organisations in the charity sector – reminding staff to ‘press the mental pause button’ when handling personal data.
Please note: the materials are not ICO materials; we are providing the materials on the website for charities to download as a useful tool to promote privacy matters in their own organisation.
Audits, advisory visits and overview reports
See the latest reports detailing some of the good practice and areas for improvement we have seen in the charity sector.