At the unprecedented gathering in Manchester, the Fundraising Regulator launched their long-awaited guidance – and the ICO made clear that charities are at a crossroads when it comes to using personal information for their fundraising, promotional and campaigning activities.
There were a number of key messages worth noting from the ICO’s keynote speech:
Bottom line: “You can cling to the belief that we’ve got the law wrong or that it doesn’t apply to your sector or that the regulatory burden is too great. Or you can commit to positive change. Change that, in my view, is not only achievable but will reap its own rewards.”
These messages are echoed in the Fundraising Regulator’s new guidance and supporting tools.
Gary Shipsey, Managing Director of Protecture and co-author of the Guidance and supporting tools, introduces these below:
Personal Information and Fundraising: Consent, Purpose and Transparency - download
The Guidance is designed to help charities better understand their current responsibilities (the Data Protection Act and the Privacy Regulations), existing Codes of Practice, and the forthcoming GDPR requirements when looking to us personal information for Direct Marketing.
It guides you through the three related elements of compliance:
(a) Clarity of purpose
Clearly defining what Direct Marketing activities your charity wants to use personal information for.
(b) Lawfulness – e.g. consent, or legitimate interests
Establishing the lawful basis on which you plan to obtain and use personal information for the purposes you’ve agreed on. The channels of communication you wish to us to communicate with people are central to this.
(c) Fairness and Transparency
How your charity will ensure individuals are treated fairly; know about your proposed use (or uses) of their personal information, and can use their rights to manage their personal information.
Download the Guide here.
Actions Checklist - download
An actions checklist appears at the end of each section of the Guidance. These suggest actions that fundraising organisations should consider in follow up to the issues raised. For ease of use, the actions have been separated into a single checklist.
Download the checklist here.
Consent Self-Assessment Tool - download
The consent self-assessment tool provides a means of self-assessing the standard of consent you currently operate and you current degree of compliance.
This is an important assessment. Consent held at the time the GDPR becomes law will only remain valid if (a) it already meets the existing standard of consent defined in the Directive, and (b) the manner in which the consent was given is in line with the conditions of the GDPR (for example: silence, pre-ticked boxes or inactivity were not used as a means to obtain the consent).
You may conclude, for some sets of personal data, that the consent you currently hold meets the required standards – and you can and will rely on the consent going forward into May 2018.
You may conclude, for some sets of personal data, that you need to seek updated consent – to ensure it meets the GDPR standard.
Seeking updated consent requires you to have consent to the current standard required by the DPA (as the act of seeking further consent is itself processing their personal information for a direct marketing purpose). Again, the consent self-assessment tool can be used to make this assessment.
Download the consent self-assessment tool here.
Case Studies - download
The case studies we have included alongside this guidance provide examples of various ways in which charities are changing their fundraising practices with a view to complying with data protection requirements.
Download the case studies here.
Join Protecture for our webinar "Fundraising and Regulatory Compliance" on 9th March 2017, where Gary Shipsey will discuss how the new Guidance affects you and the practical steps you should take now:
Morning session - register here
Afternoon session - register here
Learn more about our support service here