GDPR and Charities

How will Fundraising be impacted?

How will charity fundraising be impacted by GDPR?

On Friday 25 May 2018, The General Data Protection Regulation (“GDPR”) will come into force and have an impact on how charities will be able to fundraise and use or process personal data.

GDPR will replace the current Data Protection Act 1998. This will mean that every organisation in every business sector including charities will have to be compliant with the new law if they use and store personal data and information. The new law will make it a legal responsibility of the charity to make sure individuals’ rights are taken seriously and that the correct policies and procedures are in place to protect information used, processed or held by the charity.

The Institute of Fundraising and the Fundraising Regulator have published joint guidance on GDPR which is intended to “fully equip fundraisers” ahead of the regulation. 

GDPR is not designed to stop charities fundraising or contacting people through marketing materials but it is designed to make sure charities and other businesses are looking after and protecting stored personal data and only using it for a “valid lawful basis”.

The joint GDPR guidance from the Institute of Fundraising and the Fundraising Regulator highlights six circumstances when personal data can be used (or processed):

  1. Consent – you can show that an individual has performed a clear affirmative action (such as saying “yes” to a question or ticking an opt-in box) to allow you to process their personal data for a specific purpose;
  2. Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract;
  3. Legal obligation – the processing is necessary for you to comply with the law;
  4. Vital interests – the processing is necessary to protect someone’s life;
  5. Public task – the processing is necessary for you to perform a clear task in the public interest or for your official functions, and the task or function has a clear basis in law; or
  6. Legitimate interests – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless the interests or rights and freedoms of the individual override those interests.

For more information on GDPR please visit the Information Commissioners’ Office website

If you require legal help and advice concerning our Legal services for charities please contact Hunt & Coombs Solicitors on 01733 882800 or email

Go back


Subscribe to our RSS feed to receive all of our news updates.

This article has been prepared for general interest and information purposes only; it does not constitute legal advice and should not be relied on as such. While all possible care has been taken in the preparation of this article, no responsibility for the accuracy and/or correctness of the information and commentary set out in the article, or for any consequences of relying on it, is assumed or accepted by the firm or the authors.