The Information Commissioner’s Office has published a set of frequently asked questions about the General Data Protection Regulation (GDPR) for charities.
GDPR is a set of new data protection rules which come into force on 25 May. The ICO published its main guidance, which is aimed at all organisations, in November.
The ICO has now published 12 “frequently asked questions” for charities, which draws on wider guidance to GDPR and directs users to other resources, such as the ICO’s self-assessment tool and its dedicated advice line for small organisations.
The ICO indicated that it did not plan to produce tailored advice for charities, or any other sectors, but that it was supporting sector-led initiatives.
In response to a question about specific guidance for charities it said: “Our guidance focuses on the general application of the GDPR. But we are engaging with representatives from the charity sector to assist them in producing their own sector-specific advice and guidance.”
The document makes it clear that charities will not necessarily need consent for postal marketing to donors, but it is required for some calls and for texts and emails.
“You can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object,” it said.
It also said that if you do rely on consent, then you must not use pre-ticked boxes.