Cyber scam alert - A scam targeting solicitors' firms, known as 'typo-squatting', has come to light: one character of a genuine business email address is changed, and individuals are then contacted by criminals pretending to be from the genuine organisation. Please check all email addresses carefully to ensure that a message from your solicitor is genuine and that the address contains no spelling mistakes. Our email addresses are in the format johnsmith@pearcelegal.co.uk.
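The alert above describes a lookalike-domain attack: the impostor address differs from the genuine one by a single character. The check below is an added example, not code from the page or from Pearcelegal; it flags any sender whose domain is one edit away from a trusted domain. The trusted domain pearcelegal.co.uk is taken from the alert; the sample addresses and the names `classify_sender`, `within_one_edit` and `sender_domain` are this example's own.

```python
"""Lookalike-domain check for inbound e-mail senders.

Added example, not part of the original page. It flags sender addresses whose
domain is exactly one edit (substitution, insertion, deletion or adjacent
transposition) away from a trusted domain, which is the typo-squatting pattern
the alert describes. The trusted domain is the one named on the page; the
sample addresses at the bottom are constructed for the demonstration.
"""
import re

TRUSTED_DOMAINS = {"pearcelegal.co.uk"}  # from the page's alert


def sender_domain(address: str) -> str:
    """Return the lower-cased domain of 'john@x.co.uk' or 'John <john@x.co.uk>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", address)
    if not m:
        raise ValueError(f"no domain in {address!r}")
    return m.group(1).lower().rstrip(".")


def within_one_edit(a: str, b: str) -> bool:
    """True if b can be made from a by one substitution, one insertion,
    one deletion, or one swap of adjacent characters (distance exactly 1)."""
    if a == b:
        return False
    if len(a) == len(b):
        diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        if len(diffs) == 1:                      # single substitution
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1   # adjacent swap
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    if abs(len(a) - len(b)) != 1:
        return False
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    # one insertion/deletion: removing some single character of the longer
    # string must give the shorter one
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def classify_sender(address: str) -> str:
    """'genuine' for a trusted domain, 'lookalike' for a one-edit impostor
    of a trusted domain, 'other' for anything else."""
    domain = sender_domain(address)
    if domain in TRUSTED_DOMAINS:
        return "genuine"
    if any(within_one_edit(domain, trusted) for trusted in TRUSTED_DOMAINS):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # constructed sample senders, not real messages
    for addr in ["johnsmith@pearcelegal.co.uk",
                 "johnsmith@pearcelega1.co.uk",          # 'l' -> '1'
                 "John Smith <johnsmith@pearce-legal.co.uk>",  # extra '-'
                 "johnsmith@paercelegal.co.uk",          # swapped 'ea'
                 "johnsmith@pearcelegal.com",            # different TLD
                 "johnsmith@example.org"]:
        print(f"{addr:45} {classify_sender(addr)}")
```

The one-edit rule is deliberately narrow: it catches the substitution and transposition tricks the alert warns about, but a swapped top-level domain (`.com` for `.co.uk`) or a misleading display name needs its own rule, and a domain that passes as "genuine" still says nothing about whether the message really came from that domain, which is what SPF, DKIM and DMARC checks on the receiving mail server are for.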

How To Ensure Your Charity Remains Compliant With The UK GDPR This Christmas

Charities | 17.12.2024

All charities in the UK are legally required to comply with the UK General Data Protection Regulation (UK GDPR), a law that sets out how personal data must be handled. This matters especially around Christmas, when charities traditionally ramp up their efforts. People tend to donate much more to charities in the run-up to the festive season than at any other time of the year, and this has long been the case. The generosity of people at Christmas goes back centuries and may be rooted in the giving of gold, frankincense and myrrh by the three wise men in the Bible. Another example is the Roman festival of Saturnalia, during which people gave gifts of candles or terracotta figurines. During this period of increased charitable activity, it is important that charitable organisations abide by the data protection rules in the UK. In this article, we look at the UK GDPR and how it applies to charitable organisations, with the aim of ensuring that your organisation remains compliant at all times.

What is the UK GDPR?

The UK General Data Protection Regulation (UK GDPR) is a law that covers how businesses and organisations process personal data in the UK. Specifically, it sets out the rights, obligations, and key principles that apply when processing people’s personal data. The UK GDPR sits alongside an amended version of the Data Protection Act 2018.

What is the risk for charities that do not comply with the UK GDPR?

Failure to comply with the UK GDPR can lead to enforcement action by the Information Commissioner's Office (ICO), including monetary penalties of up to £17.5 million or 4% of annual worldwide turnover, whichever is higher, as well as enforcement notices and reprimands. Individuals whose data has been mishandled can also claim compensation through the Courts. In addition, a serious data protection failure is likely to be treated as a governance concern by the Charity Commission (or the equivalent regulator in Scotland or Northern Ireland), which has its own regulatory powers under charity law, potentially including:

  • Freezing bank accounts
  • Appointing additional trustees
  • Appointing an interim manager
  • Restricting charitable transactions, or
  • Suspending or removing trustees.

Unfortunately, many charities unwittingly fall foul of data protection law. A common example is a registered charity continuing to send fundraising messages to members of the public who have specifically opted out, including those who have used the Fundraising Preference Service (FPS), run by the Fundraising Regulator, to stop contact from named charities.

Are charities required to adhere to the UK GDPR?

Yes. Some wrongly assume that data protection is only a matter for profit-making businesses; this is not the case. Some also assume that being a charity means the penalties for non-compliance are lower; this is also not the case. Another incorrect assumption is that the GDPR is an EU law and has not applied in the UK since Brexit. In fact, the EU's GDPR was retained in domestic law as the UK GDPR, the difference now being that the UK is free to keep the framework under review and amend it.

Charities are treated like any other legal entity that receives and processes information as part of its day-to-day operations. Charitable organisations in the UK store and process personal data in order to communicate with potential donors, undertake fundraising drives, and coordinate volunteers.

What are the UK GDPR Principles?

The GDPR principles aim to empower individuals by giving them control over their personal data. They also require organisations across the public, private, and charitable sectors to take essential measures to safeguard people's information and privacy. The seven principles of the UK GDPR are as follows:

  • Lawfulness, fairness and transparency: data must be processed lawfully, fairly, and in a transparent manner.
  • Purpose limitation: data may only be collected for specified, explicit purposes that the data subject has been told about, and must not be used in ways incompatible with those purposes.
  • Data minimisation: only necessary information should be collected. All data collected and stored should be adequate, relevant, and limited to what is needed for that purpose.
  • Accuracy: retained personal data should be accurate and, where necessary, kept up to date. Inaccurate data should be corrected or deleted.
  • Storage limitation: personal data should not be kept for longer than is necessary.
  • Integrity and confidentiality: organisations must keep personal data secure and protect it from unauthorised or unlawful processing and from accidental loss, destruction or damage, and
  • Accountability: the organisation is responsible for compliance with the principles and must be able to demonstrate it.

It is imperative that, as a registered charity operating in the UK, you embed and adhere to these core principles when it comes to processing personal data.

How can UK charities ensure UK GDPR compliance?

As with a business or any other type of organisation, there is much that a charity can do to stay compliant with the UK GDPR, including:

  • Creating a top-down culture of privacy compliance that applies to everyone
  • Investing in systems and processes that protect the personal data your charity holds
  • Ensuring that charity trustees understand their role and responsibilities under the UK GDPR
  • Holding regular training for staff and volunteers on data protection law in the UK
  • Making sure you understand what personal data you are collecting, storing and processing, and for what reason
  • Identifying a lawful basis for each processing activity; where you rely on consent (for example, for fundraising emails or text messages), making it specific, recording it, and making it as easy to opt out as it was to opt in
  • Having a procedure for reporting a personal data breach to the ICO within 72 hours of becoming aware of it where the breach is likely to pose a risk to individuals, and
  • Keeping detailed records of the steps you have taken to adhere to the principles of the UK GDPR.

Final words

Thousands of charities across the UK provide much-needed services for those they serve, but trustees and others running the organisation must abide by the laws that apply to all legal entities, including data protection. If you are a trustee of a charity, we recommend taking the time to understand your legal obligations in this role so that you and your charity are in alignment with the data protection rules in the UK. If you are unsure, or want to review your data protection measures, please speak to a member of our expert and highly experienced charity law team for advice, support, and guidance.

Pearcelegal has a dedicated team of charity law solicitors who provide practical legal advice and support on all matters related to running a registered charitable organisation in the UK. To make an appointment, please contact us on 0121 270 2700 or enquire through our contact form.
