It’s crucial for charities to focus on ensuring they have appropriate consent from their supporters. New guidance has been published by the Fundraising Regulator on handling personal information and undertaking charity fundraising activities. It’s now time to move forward and regain the public’s trust.
I recently attended the ICO’s conference for charities last week at Manchester’s Town Hall. The event was ably chaired by former BBC news presenter Sir Martyn Lewis, who commented there was a real appetite amongst charities to learn from issues of the past and make positive changes to ensure bad fundraising practices are a thing of the past.
Opening addresses were given by a panel of Elizabeth Denham (Information Commissioner, ICO), Paula Sussex (CEO of Charity Commission) and Gerald Oppenheim (Head of Policy and Communications at the Fundraising Regulator).
Charities might have been pleased to hear Elizabeth Denham acknowledge the hard work of charities and say the ICO’s recent investigations into charities are now complete. She wants to ‘draw a line and move forward’. However, she pointed out that she was lenient when deciding on the appropriate level of penalty for RSPCA and BHF, but charities which do not comply in future should expect harsher fines. They should ‘follow the law’ and be prepared to ‘do things differently to get things right’. She stated that The Data Protection Act is a principle-driven act and picked out the principle of ‘fair and lawful processing’ as paramount. She cited the example that appending telephone numbers, not provided by individuals, without informing them of this type of processing was ‘not fair’.
Later, questions were raised by the audience about who decides what is deemed to be ‘fair’ and if the goalposts have been moved? Ms Denham said the ICO looks not only at the law but at what consumers / donors find fair but it appeared that some audience members were not convinced and called for evidence to be provided by the ICO.
Paula Sussex spoke about the Charity Commission’s ‘good working relationships’ with the ICO and the Fundraising Regulator. She flagged up that trustees must take a vital role including supervising their charities fundraising campaigns to ensure compliance. She talked of her concern that public trust in charities has declined in the last 2 years, talked about the factors in the chart below and highlighted good DP compliance practices as a key driver of winning back trust.
The Charity Commission’s guidance ‘Charity fundraising: a guide to trustee duties (CC20)’ was updated as recently as November 2016. Paula Sussex asked charities to ‘put the donor at the heart of fundraising and look to a new relationship’ and encouraged charities to go ‘over and above’ the minimum level of DP compliance. Case studies were given by Henry Rowling of The Children’s Society and Emma Malcolm of Rethink which illustrated the benefits of taking a positive approach to privacy.
Gerald Oppenheim talked about the importance of charities checking they have the consent required: ‘When we started out in January 2016 we recognised that the question of consent would form a major part of the work we would be doing as a new Regulator. However, 13 months ago we had not fully appreciated how central the issue would be to fundraising by charities.’
He unveiled new guidance called ‘Personal Information & Fundraising: Consent, Purpose and Transparency’ and confirmed that the new Fundraising Preference Service will launch in the summer.
You will find more useful links and a video of Elizabeth Denham’s speech here:
Simon Blanchard, Senior Associate at Opt-4 & Member of the Data Protection Network
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.