The GDPR and the charity sector


What is the GDPR?

You may have heard this acronym being bandied about. It means the General Data Protection Regulation and is intended as a legal framework for data protection within the EU. It will actively apply to the UK as of May 2018 and will legally impact all organisations who hold data as part of their operation. This includes charities, fundraising agencies and databases. So the legislation will have a significant impact on the charity and not-for-profit sector.

Luckily, we’ve provided an overview of the GDPR and how it will affect the charity sector. You can also find further reading if you need to know more.

What does this mean for data protection? Our charity already complies with all regulations.

In many ways, the point of the GDPR is to ensure data “controllers and processors” (you may not feel this is what you are if you operate or use a donor database, but it is exactly what you are according to the GDPR) do more than just comply. It is a significant regulatory document, not just a checklist. It is intended to protect the rights and freedoms of the individuals whose information you hold.

Any existing UK regulation will be replaced by the new GDPR policy. It is quite extensive, but charities will be expected to adopt it fully.

The key concepts:

Overall policy
  • Increased Scope: The GDPR will apply to all organisations who hold and process personal data in the EU: “regardless of whether the processing takes place in the EU or not.” This removes previous loopholes and ensures compliance.
  • Harsher Penalties: The maximum fine for violation of the policy can be up to 4% of annual turnover.
  • Strengthened consent requirements: Clear and concise terms and conditions must be presented to the “data subject”; the purpose of an organisation’s use of data must also be explained.
Increased rights for the “data subject.”
  • Breach notification: The relevant authorities must be notified of a data breach within 72 hours.
  • Access rights: Individuals whose data is held can request to see that information and are entitled to be informed why their information is processed and where it is done.
  • Right to be forgotten: An individual has the right to have their data permanently erased. This will also apply to third parties and does not require a formal withdrawal of consent.
  • Data portability: An individual has the right to see any data held about them. However, this must be presented in clear and readable terms.
  • Privacy: “Privacy by design” requires that data protection is considered as part of a system’s core design rather than being added on.
  • Data protection officer: Larger multinational organisations must appoint a data protection officer who will have significant knowledge of data protection issues and maintain internal records.

A good way to think about all this is to consider the GDPR as continually urging you to examine the justification as to why you hold personal data and also what you do with it. If an organisation cannot clearly answer these questions, they will need to consider removing the data they hold. Being asked to remove irrelevant data can and will apply to the charity sector.

How will the GDPR impact the charity sector?

Fundraising professionals and those working with or supporting fundraisers will need to ensure all donor information complies with GDPR regulations. The GDPR is applied to (its own wording) all “controllers and processors”, so any charity which holds or organises data will need to ensure that all employees and volunteers are aware of and trained to deal with data protection. It will be your obligation to protect the personal information of your donors.

Charities need to be aware that no significant exemptions will apply to them. Regardless of how we feel about this, it does mean that no additional legal protections will apply to those who fail in their data protection duties. This may have positive and negative impacts, though it may curb breaches. Recently, there have been high-profile failings from charities to store data securely. Other notable cases have included the non-consensual sharing of data and seeming harassment of those on certain donor databases.

What the charity sector needs to do is ensure that individuals are always informed when their data is shared, and told where and why. If you do share information, then keep in mind that consent to share data must be explicitly gained. Furthermore, when asked, a charity must be prepared to justify any actions they perform with donor data and remove it if necessary.

Will it apply after Brexit?

Yes! All legislation included in the GDPR will be translated into UK law. All data-holding organisations in the UK will need to comply with these regulations regardless of the Brexit outcome. So it is a good idea to begin preparations now. The potential consequences of non-compliance will not be relaxed for charitable organisations. The possibility of losing data permanently exists for anyone. The ramifications of this for donor databases and other such services could be potentially devastating. So do prepare, but don’t be too concerned: if you are open, transparent and consensual about your data use already, then there won’t be too much work to do.

Further reading

The Institute of Fundraising have released a guide covering GDPR essentials for fundraising organisations, which may be useful for charities concerned as to how this will affect their practice.

If you’re a real data-protection buff, then have a look at the official page for further information. Additionally, the ICO have produced a series of blogs about charities and the GDPR. You can also ask questions about the GDPR on CharityConnect.


About Sanjay Bheenuck

Marketing Coordinator here at CharityJob. Writer of obscure fiction and global wanderer in my spare time. Which Way to Inner Space?
