lawyermonthly 1100x100 oct2024eb sj lawyermonthly 800x90 dalyblack (1)

Will New EU Data Regulations Cause More Pain For UK Charities?

In this Article
Reading Time:
3
 minutes
Posted: 4th January 2017 by
Lawyer Monthly
Last updated 3rd January 2017
Share this article

It’s no secret that UK charities are suffering. Over the last 10 years alone they’ve lost more than £3.8bn in government grants and there’s no sign these are the last cuts they’ll see. But just when many charities were hoping, with the change of government, that perhaps the worst is over, a piece of EU legislation could end up hitting them and their beneficiaries hard.

The General Data Protection Regulation (GDPR) is the new EU law in question. It was voted in by the European Parliament in April and will come in to force in May 2018. It will cover all businesses and organisations that collect and hold information on their customers or donors. Clearly, there have always been strict regulations surrounding the collection, use and storage of personal data, but the GDPR take these directives one step further. And there is a big risk that the charity sector will be their first casualty.

Put simply, the new regulations will require charities to gain ‘explicit consent’ – your active agreement to them taking and processing your data – and crucially, gain your consent as to how they can use it. Right now, all organisations and businesses can infer your consent from your silence, pre-ticked boxes or inactivity. From 2018, this will not be the case. All charities will need to alter their consent mechanisms to ensure that they can demonstrate the consent was given, can be verified and that there is a clear audit trail in place.

All quite sensible you might think. Not a problem. But for many charities it is a very big problem indeed. For example, many charities hold lists of wealthy patrons with a track record of philanthropy. They use these lists to decide who to ask for money, when and how to approach them. How can charities ask these people if they mind being on a list held by them? They can’t.

We have had some guidance from the ICO concerning what steps charities should take now to prepare for 2018, but there is still a big question mark hanging over whether, when it comes to drawing up the full guidance, the ICO will take a harder line with the third sector.

[https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf]

As the national data usage regulator, the ICO must issue statutory guidance based on the GDPR. It is this interpretation of the consent requirements that could go one way or another. The worst case being an overly stringent restriction on what charities can do with their donor data.

Charities already have numerous and slightly varied regulatory standards to interpret, across a number of bodies in addition to the ICO, EU and UK government regulations including the Institute of Fundraising; the new Fundraising Regulator; the Direct Marketing Association, and the National Council for Voluntary Organisations. Such a crowded conversation means that charities struggle to know what is law, what is industry standard, what must be adhered to and what, frankly, can be ignored with no harm done to their donors or themselves.

One of the key issues is that the ICO guidance will be drawn up to cover all bases – business and third sector. This means that charities will be just one of the many competing interests in terms of statutory guidance – what is eventually produced by ICO may appear a fair set of rules for all, but the practicality for the charity sector may prove very different.

You would like to think that the charity sector would get a fair set of guidance, bespoke to them and based on their unique challenges. However, there is a worrying precedent. At a 2005 conference, the ICO indirectly said that charities could contact individuals who were registered with the Telephone Preference Service. They then later altered their guidance to specifically prohibit charities from doing so, without telling the Institute of Fundraising, whose code at the time was the key plank in the charities’ guidance regime. With the advent of GDPR, this could happen all over again, leaving charities who have spent scares resources preparing for one interpretation only to be presented, when the dust settles, with an entirely different one.

The Third Sector is on the ropes right now. The last thing they need is any more pain. Grants from government are already less than half the level that they were 10 years ago. And while the GDPR may seem like a small and rather insignificant tightening of existing rules, for many charities they could just be the final nail in the coffin.

Authored by Phillip Rinn, Lotto Network.

(Source: Phillip Rinn)

About Lawyer Monthly

Lawyer Monthly is a news website and monthly legal publication with content that is entirely defined by the significant legal news from around the world.