Charities need to offer individuals “genuine choice and control” over how their data is collected, according to the Information Commissioner’s Office draft guidance on the General Data Protection Regulation.
This includes using “active opt in” methods in obtaining consent, such as unticked opt-in boxes.
Individuals giving data, such as donors, also need to be informed of their right to withdraw consent at any time.
The guidance says: “It must be as easy to withdraw as it was to give consent. This means you will need to have simple and effective withdrawal mechanisms in place.”
This is the most detailed guidance yet from the ICO on the GDPR, the EU regulation that supersedes the Data Protection Act 1998 in May 2018 and aims to give the public more control over how charities and other organisations collect their data.
The ICO has launched a consultation around the draft consultation, which also recommends reviewing consent mechanisms to ensure they comply with GDPR requirements.
It also calls on charities and other organisations to check their record keeping practices to ensure consent is properly documented.
In asking for data, organisations need to explain why they want it and what they will use it for. There is also a requirement to name any third parties that want to use the data.
The guidance says any requests for consent need to be prominent and separate from other terms and conditions.
In addition, individuals need to be allowed to opt in to specific ways that the data will be used. “Vague or blanket consent is not enough,” adds the guidance.
In a blog post to announce the guidance and consultation, Jo Pedder, ICO interim head of policy and engagement, said: “Basing your processing of customer data on GDPR-compliant consent means giving individuals genuine choice and ongoing control over how you use their data, and ensuring your organisation is transparent and accountable.
“Getting this right should be seen as essential to good customer service: it will put people at the centre of the relationship, and can help build customer confidence and trust.
“This can enhance your reputation, improve levels of engagement and encourage use of new services and products.”