Warning as charities fall foul of data protection laws

28th April 2017

Warning as charities fall foul of data protection laws

With news that 11 charities have been fined hundreds of thousands of pounds for the misuse of personal data, specialists from a leading Midlands law firm have urged charity trustees and their fundraisers to make sure they fully understand the law or risk damaging their charity's reputation.

Ellie Williams, a specialist charity lawyer at Higgs & Sons, noted that investigations by the Information Commissioners Office (ICO) had revealed that a number of household name charities had secretly screened millions of donors so that they could target them for additional funds.

Financial penalties were imposed, totalling in the region of £138,000, for contraventions of the Data Protection Act and the Privacy and Electronic Communications Act. As a result, the Charity Commission has also opened compliance cases into all 11 charities to assess whether they acted in accordance with their duties under charity law.

Ellie highlighted that such penalties emphasised how important it was for charity trustees to fully understand and comply with their obligations under data protection laws, particularly in light of the introduction of the General Data Protection Regulation (GDPR) which comes into force in May 2018.

"The outcome of this investigation highlights the huge impact not following these requirements can have on a charity, both from a financial point of view and the damage it can do to public trust and confidence," Ellie added.

"It is clear that charities need to have a clear understanding of their obligations and familiarise themselves with guidance available from the Charity Commission, the ICO and the Fundraising Regulator. Fundraising is currently a self-regulatory system, but the Government do have the power to withdraw this if the Sector is not able to follow the rules.

"It is equally important that they report any serious incident which arises to the Charity Commission and co-operate with any subsequent inquiries by the Commission and any ICO investigation. Higgs & Sons can assist charity trustees in reporting a serious incident. We can also help charity trustees to review their fundraising procedures to ensure that they are fit for purpose and up to date to avoid serious incidents occurring in the first place."

Katie Doyle, a data protection specialist in the Commercial team at Higgs & Sons, says that it is especially important that charities keep abreast of current regulations, with the biggest shake-up of data protection regulations seen in the last 20 years due to come into force on 25th May 2018, with the GDPR.

"The GDPR will see greater obligations placed on organisations, with more responsibility on any organisation that is holding or using personal data.. Consent to use personal data will be harder to obtain and an individual will be entitled to withdraw consent at any time," said Katie.

"Fines are currently limited at £500,000, however, under the GDPR, they will be limited to 4% of an organisation's worldwide turnover, at the discretion of the ICO."

"The GDPR clearly presents a risk to charities and businesses if they are not fully aware of the changes and prepared for them. We urge all organisations (charitable or otherwise) to take note of the recent action by the ICO and take this opportunity to review their data protection policies and procedures, to avoid the risk of falling foul of present and forthcoming data protection laws.

"Higgs & Sons will be glad to assist with this process, or provide general data protection advice, and can organise data protection audits if required."



Other news

Contact us

3 Waterfront Business Park
Brierley Hill
West Midlands, DY5 1LX

Call Us: 0345 111 5050


Keep up to date with all the latest here.