The Fundraising Regulator has opened a consultion on changes to the Code of Fundraising Practice to make sure it complies with data protection rules – including the upcoming General Data Protection Regulation.
The Code governs what fundraisers are allowed to do in the course of their work, and the regulator has previously said that it will have to make substantial changes to comply with GDPR.
The regulator is also proposing to change the Code to address issues raised by the Information Commissioner’s Office, after it fined two charities in December and 11 more in March for breaching the existing Data Protection Act.
Changes to the Code are also intended to add clarity and address recommendations from an NCVO working group.
Three new sections have been proposed for the Code:
- Legitimate Interest: Incorporating GDPR and recommendations by the NCVO working group on donor communications
- Processing: Emphasising that, where activities are conducted using an individual’s personal data, this will count as ‘processing’ and data protection rules will apply
- Consent: Incorporating draft ICO GDPR guidance from May 2018
The consultation will run from October to December of this year. The Code is expected to be finalised in spring of next year, when it will be published and the changes implemented.
Suzanne McCarthy, chair of the Fundraising Regulator’s standard committee said: “Protecting personal data is a fundamental part of meeting the key principles of legal, open, honest and respectful fundraising within the Code. We welcome views on whether the changes proposed are clear in communicating fundraisers’ legal and ethical responsibilities on data.”
The consultation closes on Friday 8 December and responses should be emailed to [email protected] or posted to Policy Department
Fundraising Regulator, 2nd Floor, CAN Mezzanine, 49-51 East Road, London, N1 6AH.