The Institute of Fundraising has published a guide for fundraising charities on the EU’s General Data Protection Regulation, in partnership with law firm Bircham Dyson Bell.
Published today, the guide, GDPR: The essentials for fundraising organisations, provides guidance for fundraising charities on preparing for the new regulations, which come into force from May 2018, and discusses whether organisations should be looking at moving all fundraising communications to an opt-in model.
The guide says that fundraising organisations do not necessarily need to move to an opt-in fundraising communications model to be compliant with GDPR, but points out that the new regulations raise the standard “of what counts as consent from what is required now” under existing data protection regulation.
It also sets out a number of ways in which fundraising organisations can lawfully send direct marketing materials by post or make ‘live’ phone calls to people who haven’t opted out or are registered with the TPS under ‘legitimate interest’.
The guide is split into three parts, with part one dealing with “Getting to grips with the basics” of GDPR; the second “Opt-in consent vs opt-out – what’s going on?!” and the third being “Frequently asked questions”.
‘We do not believe one size fits all approach is appropriate’
As part of its summary on the opt-in vs opt-out debate, the IoF said that “we do not believe that a one size fits all approach is appropriate” when it comes to making direct marketing communications compliant under GDPR.
Instead, the IoF said that opt-in will be right for some organisations, while opt-out will work for others, depending on each individual circumstance.
“Consent (opt in) will be right for some charities, relying on your legitimate interest (opt out) will be right for others. The most important thing is that whichever you choose to rely on, your donors and supporters are being treated fairly and respectfully and that you are meeting your legal obligations.
“Both ‘opt in’ and ‘opt out’ can be done well in giving your supporters an excellent experience of your charity and in building long-term positive relationships.”
However, the guide recommends that all fundraising organisations consult existing GDPR guidance from both the Information Commissioner’s Office and the Fundraising Regulator. Both regulators have separately recommended that charities should focus on a ‘consent’ – or opt-in – model as the safest way to conduct direct marketing activities under GDPR.
All charities expected to be compliant by 25 May 2018
The guide reiterates that all organisations must be fully compliant with GDPR by 25 May 2018, the point at which “it’s expected that you’ll be ready and meeting the requirements”.
However, the IoF points out that much of the GDPR is simply a strengthening of requirements that already exist for direct marketing in the Data Protection Act 1998, and said that fundraising organisations “should ensure you are compliant with existing requirements and start preparing for the GDPR”.
Daniel Fluskey, head of policy and research at the IoF, said: “We have put this short guide together to help fundraisers answer the really key questions they’ve got about how they can contact their supporters. We know that all fundraisers and charities want to get this right to be sure that they’re meeting their legal requirements as well as giving their donors a great experience of supporting that cause.
“GDPR is coming, and with just over a year left to get ready it’s vital that charities are aware of what changes are coming and have policies and processes in place to be ready.”
Penny Bygrave, senior associate at Bircham Dyson Bell, said: “BDB are delighted to support IoF with this guide to provide clear, practical help for charities to manage this period of uncertainty and take appropriate steps to get to grips with the GDPR and data protection compliance.”