GDPR – Should charities be afraid?

Personal data protection

We’ve had many warnings stating “GDPR is coming in 2018”. You should have heard of new GDPR changes within the last year. If you haven’t heard of it (which would be worrying!) then there’s no need to worry too much, as you have enough time to prepare, but you need to start now! The actual regulation is coming into effect from 25th of May 2018. Why 25th May and not 1st of May or June?  One for EU commissioners to answer!

GDPR will supersede the outdated Data Protection Act (DPA) and will bring in tighter rules concerning processing and who organisations can contact. GDPR will also address a number of issues including electronic data storage.

What problems are charities going to face with GDPR? It will change the way charities contact their current and potential donors. If you are sending emails to individual donors, both potential and current, then you will need consent from the individuals. However, how you receive and record that consent itself is tricky.  The ICO published draft guidance on this in March and promised to produce detailed guidance in 2017. If you want to read the guide you can click here.

Data Subject rights, which allow individuals to have the right to have their data erased and access to any data held on them for free, which will also be expected as part of the new regulations. This was not possible under the old DPA, except under certain circumstances.

The GDPR does however retain the requirement that data should not be kept longer than necessary. There is no set limit and charities will have to decide how long is necessary for them to keep the data.

Best thing for charities is to do an audit, work out where they are now regarding data. Do you send mail shots to individuals?  Where do you keep records of individual donors? Develop a strategy and document it.

For more advice, contact our partner Suda Ratnam on 020 8418 2681 or
You can also follow us on Twitter for more tips and news surrounding the charity sector.