The Institute of Fundraising has updated its guidance around General Data Protection Regulation to take into account emerging privacy and data issues.
IoF policy and information officer Sam Boyle says that the updates feature tips on minimising data risks and whether to recruit a data protection officer.
It also includes on section for charities to assess whether they have a legitimate interest in carrying out direct marketing under GDPR.
The IoF’s GDPR: The Essentials for Fundraising Organisations, was first published in 2017, ahead of the launch of the EU data protection law in May last year.
“First of all, don’t worry, this is not a fundamental rewrite,” said Boyle.
“The basics are still the same – this update is about tweaking, including latest thinking, and providing some more tips and advice.
“This includes new information around minimising data protection risks, advice about when you need to consider employing a data protection officer and all new top tips on how to assess whether you have a legitimate interest for carrying out direct marketing under GDPR.
“No piece of guidance will be able to answer every single question that fundraisers might have, but we hope that it is the best ‘starting point’ for helping your charity get things right and a jumping off point to dive into areas in more depth.”
He added that the guide us set for further updates “as the data protection landscape changes”.
“With new developments such as e-privacy on the horizon, there may well be a need to refresh the guidance when appropriate and we’ll continue to review our guidance and advice to give fundraisers the best support we can.”
