Understanding GDPR: ready, steady… and steady as she goes

Gerald Oppenheim is Head of Policy and Communications and Stephen Service is Policy Manager at the Fundraising Regulator. Daniel Fluskey is Head of Policy and Research at the Institute of Fundraising.

GDPR is nearly here

There are just over three months to go before 25 May 2018, the day so many of us have been talking about for so long, finally dawns and the General Data Protection Regulation (GDPR) becomes the new normal for data protection. To help pave the way, the Fundraising Regulator and the Institute of Fundraising (IoF) are working together to publish new ‘bite-size’ GDPR guidance for fundraisers in six easy to understand parts, which we’re launching at today’s NCVO Regulation Conference.

GDPR guidance

We have heard from charities that there is some confusion navigating through the different pieces of guidance that are out there, and the almost daily blogs offering training programmes, online portals, seminars and the like, often provided at some cost to charities. To try to help without adding to either the weight of advice or the financial burden on charities, the Regulator and the IoF are working together to cut through the complexities and produce free guidance for charities, designed to be relevant specifically to fundraisers, particularly in smaller fundraising organisations.

The guidance has been drafted by the Fundraising Regulator and the IoF, with input from the Information Commissioner, and will be jointly branded with the Charity Commission, NCVO and WCVA in England and Wales, and the Charity Commission Northern Ireland and NICVA in Northern Ireland.

The guidance is based on the questions that charities have asked and the importance of giving clear and practical answers. It gives a brief overview of GDPR for charities and for fundraisers, looks at different fundraising methods (community, corporate, trusts and legacy fundraising) and identifies ways in which personal data is likely to be used in each case. We also provide links to other more detailed guidance already available from key authoritative sources including the Information Commissioner, the Fundraising Regulator and the Direct Marketing Association.

Today’s launch at the NCVO Regulation Conference will be followed a few days later by the full publication of the guidance.

Changes to the Code of Fundraising Practice

Alongside this in February, the Fundraising Regulator will publish the updated Code of Fundraising Practice. This follows the recent consultation on changes to the content of the Code on data protection as it applies to fundraising.

Central to all of this is the message that this is evolution not revolution in data protection law. While GDPR does strengthen everyone’s rights to privacy and means that those who hold data for fundraising purposes need to be more careful than ever how they approach their donors and other supporters, the main thing for charities is to understand what is happening and that there is no need for ‘project fear’. It is about the steps all charities should take as they move towards compliance, whatever their size, purpose and who their  beneficiaries are.

This is about getting things right, not just complying with the law, essential as that is, but also about building on all the changes for the better in charity fundraising that have been made since the difficult days three years or so ago now. The guidance is there to help make sure that fundraising is ethical and respectful in the way that donors and supporters personal data is used and understands their right to control their contacts with charities. We hope that the joined up approach from the Regulator and the IoF gives charities the reassurance and confidence to embed GDPR and continue to deliver high standards of fundraising.

There could still be some legal changes before 25 May arrives, but the message is to get ready now.