A spokesman from the Information Commissioner’s Office has said that the data watchdog is set to publish its own guidance on data and consent for consultation in “the next two or three weeks”.
Speaking at the Fundraising Regulator’s seminar on its own recently published consent guidance at the Fundraising and Regulatory Compliance Conference in Manchester yesterday, Richard Marbrow group manager corporate governance at the ICO, said that the guidance was “literally two to three weeks away”.
“We have listened very carefully to what people have been saying about consent and GDPR and our consent guidance is literally two to three weeks away. I was reading the last draft of it last night.”
Marbrow said that he had also read the Fundraising Regulator’s guidance, published yesterday, to ensure that both documents “line up very clearly”.
“Alongside our work on our own guidance, we’ve gone through the draft guidance from the Fundraising Regulator and we have made sure that these things do line up, and do line up very clearly.”
He said that the ICO have gone through all of the available case law and current wording of the GDPR to ensure that, once published, its guidance will be as accurate and useful a document as possible for fundraising charities.
“What we’ve done is we’ve gone through all the case law, all the European case law, every single bit of the GDPR and we line it all up after a big discussion to make absolutely certain that it is considered and does take into account what people have been saying to us. It will also explain what, we feel at least, the legislation will mean around consent”.
A spokeswoman for the ICO said that, once published, the ICO will accept consultation on the document.
ICO accused of not understanding major donor fundraising
During the question and answer portion of the session, a number of fundraisers again asked for clarification around wealth screening, and how much research can be done on a prospective donor before it would contravene data protection law.
A fundraiser from the floor said that in order to “establish whether or not someone is a prospective donor for a certain organisation”, major donor fundraisers need to do “due diligence on that individual” which would involve certain amounts of processing of personal data.
Marbrow replied that, while the Data Protection Act as a “principles based piece of law has very few areas where it’s very proscriptive”, issues around using a person’s personal data without them being aware “was one of those areas”.
“Unless you have an exemption in the Data Protection Act [regarding the use of personal data] you have to tell somebody that they’re processing their personal data, what you’re processing it for and any other information required in all circumstances to make it fair.
“If you’re going out and finding whether they were an alumni of the university you work for, that’s probably fair enough. If you’re going out and getting information about their financial standing, you’re probably going to have to tell them about it first, because you’re processing their personal information.
“We’re not saying that prospect research and wealth screening isn’t allowed. What we are saying is that there are certain things you have to do in order to make that process compliant, one of which is to provide fair processing information.”
In response, a fundraiser said she “couldn’t see how major donor fundraising is going to survive within that context, because it’s not practical and pragmatic to do that at such an early stage of a relationship”.
Another fundraiser said that they were bound by Charity Commission guidance to conduct due diligence on prospective donors, and said that the ICO simply “didn’t understand how the fundraising industry works”.