This week, 2 charities have been found to be in breach of the Data Protection Act and have been issued with monetary penalties by the Information Commissioner. Further charities are also under investigation. To avoid this fate read on….
The Charity Commission, the independent regulator of charities in England and Wales, and the Fundraising Regulator, are issuing an alert to all charities. It reminds trustees that they must, in addition to following charity law requirements, ensure that there are systems in place at their charity to identify and comply with any data protection laws and regulations that apply to its activities.
Following data protection law is a critical compliance area for any charity that handles personal information. It includes, but is not restricted to, collection, use and storage of donors’ personal data. The Commission’s guidance, Charity fundraising: a guide to trustee duties (CC20), is clear that trustees are responsible for having systems and processes in place at their charity to ensure that its fundraising is compliant with this legislation.
If you hold and process information about your donor, service users, employees or suppliers, you are legally obliged to protect that information. Data Protection can be complicated to grasp, but good information handling makes good business sense, and provides a range of benefits.
See guidance from the Information Commissioner’s Office at