The General Data Protection Regulation
The General Data Protection Regulation will come into force on 25 May 2018 but now is the time to be preparing for it.
It will make a number of changes to UK data protection law. One area of change relates to the consents that are required from individuals – alumni, donors and others – to allow your fundraising and donations team to contact them.
The Information Commissioner has provided some guidance on what needs to be done to comply with the new law relating to these consents:
- Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.
- Be specific and granular. Vague or blanket consent is not enough.
- Be clear and concise.
- Name any third parties who will rely on the consent.
- Make it easy for people to withdraw consent and tell them how.
- Keep evidence of consent – who, when, how, and what you told people, and how they responded.
You need to review how your organisation obtains and records the necessary consents. A review of your privacy policy is a good place to start. We have already worked with some independent schools in their reviews and we are well placed to provide you with advice and assistance.