
In May 2018, a new legal framework will be introduced across the EU to replace the existing Data Protection Act. The General Data Protection Regulation (GDPR) promises to shake up existing laws surrounding data protection.

It’s the biggest change to data protection policy for 20 years and will see businesses facing hefty fines for any blunders.

So what does this mean for data protection for charities? A data breach under the new GDPR could carry a heavy cost, particularly for charities at the higher end of the income scale, since regulators can issue a penalty of between 2-4% of an entity’s global gross revenue.

Charities rely heavily upon donations and the work of volunteers. Yet failure to comply with the GDPR could see them lose their reputation and a large chunk of hard-earned, potentially life-saving cash.

What the GDPR means for charity data protection

In light of the growing digital economy, the GDPR introduces some distinctly modern elements. For example, the GDPR covers genetic and biometric data, and online identifiers such as IP addresses.

Consent also features heavily in the GDPR, particularly in regards to opting in or out of a service. To confirm consent, a clear affirmative action must be taken by the individual – gone are the days of pre-ticked boxes and implied consent. Why information is being asked for and how it will be used must also be declared by charities under the GDPR.

Charities will also have to rethink how potential donors are approached and how individuals’ data is processed. Individuals have the right to access whatever information is held for them – so a smooth, efficient process to access this information must be put in place. Under the new act, data breaches (lost data or cyber attacks, for example) must be reported within 72 hours.

What do charities stand to lose?

UK charities could face significant fines for violations of record-keeping, security, breach notification, or other data protection obligations. Regulators could issue fines equal to €10 million or 2% of an entity’s global gross revenue – whichever is greater. More severe penalties of €20 million or 4% of the entity’s global gross revenue may apply for serious violations such as those relating to consent, individual rights and cross-border data transfers.

How does this translate into real world examples? Well, in the UK, most of the top earning charities (those with an income of above ten billion pounds) tend to fall within the ‘advancement of health and saving lives’ category. These charities include: Cancer Research UK, Wellcome Trust, Change Grow Live, and Cardiff University. Money raised by these organisations funds research into disease and offers services to help people live happier, healthier lives.

If, for example, Wellcome Trust, Cancer Research UK or Change Grow Live were to receive the most severe fine for breaching GDPR guidelines, they’d face penalties of £15.6m, £25.4m and £6m, respectively.

That’s a combined total of £47m which could have contributed to potentially life changing causes.

Looking at a recent data protection case, in 2016 the British Heart Foundation was fined £14,400 for breaching the DPA. If that were to happen once the GDPR comes into effect, it would amount to £12m. These figures show the stark reality charities face if they are not GDPR compliant.

How charities can prepare for GDPR

As it stands, the GDPR will remain unaffected by the UK’s exit from the EU, and UK-based organisations which offer goods or services to individuals in the EU will still be covered. So it’s essential charities in the UK start preparing for the GDPR sooner rather than later.

Adopting GDPR best practice now is an excellent way to ensure you’re up to speed by the time the new legislation is in place. Training staff of all levels – including volunteers – is imperative to ensure new guidelines are rigorously followed.

Our GDPR e-learning courses offer a definite resource for charities looking to prepare themselves for changes brought about by the new framework, and our GDPR compliance checklist will give you an excellent starting point.

| Organisation | Annual income | General Area Of Operation |
| --- | --- | --- |
| SAVE THE CHILDREN INTERNATIONAL | £785,578,950.00 | EDUCATION/TRAINING |
| NUFFIELD HEALTH | £767,600,000.00 | CHILDREN/YOUNG PEOPLE |
| CANCER RESEARCH UK | £635,145,358.00 | THE ADVANCEMENT OF HEALTH OR SAVING OF LIVES |
| CARDIFF UNIVERSITY | £511,753,000.00 | THE ADVANCEMENT OF HEALTH OR SAVING OF LIVES |
| THE CHARITIES AID FOUNDATION | £503,327,000.00 | OTHER CHARITIES OR VOLUNTARY BODIES |
| OXFAM | £414,700,000.00 | OVERSEAS AID/FAMINE RELIEF |
| WELLCOME TRUST | £390,300,298.00 | THE ADVANCEMENT OF HEALTH OR SAVING OF LIVES |
| ANCHOR TRUST | £367,327,000.00 | DISABILITY |
| UNITED CHURCH SCHOOLS FOUNDATION LTD | £336,342,000.00 | CHILDREN/YOUNG PEOPLE |
| BRITISH HEART FOUNDATION | £301,500,000.00 | THE GENERAL PUBLIC/MANKIND |
| BARNARDO’S | £298,660,000.00 | DISABILITY |
| GEORGE PEABODY DONATION FUND | £252,670,000.00 | THE PREVENTION OR RELIEF OF POVERTY |
| METHODIST HOMES | £191,468,000.00 | ACCOMMODATION/HOUSING |
| CANAL & RIVER TRUST | £189,700,000.00 | ARTS/CULTURE/HERITAGE/SCIENCE |
| WATERWAYS INFRASTRUCTURE TRUST | £189,700,000.00 | ARTS/CULTURE/HERITAGE/SCIENCE |
| THE WOODARD CORPORATION | £178,517,000.00 | RELIGIOUS ACTIVITIES |
| ACTION FOR CHILDREN | £160,884,000.00 | EDUCATION/TRAINING |
| CHANGE GROW LIVE | £158,326,000.00 | THE ADVANCEMENT OF HEALTH OR SAVING OF LIVES |
| WAKEFIELD AND DISTRICT HOUSING LIMITED | £156,513,000.00 | THE PREVENTION OR RELIEF OF POVERTY |
| BANGOR UNIVERSITY | £143,442,000.00 | THE GENERAL PUBLIC/MANKIND |
| ROYAL SOCIETY FOR THE PROTECTION OF BIRDS | £136,994,000.00 | ANIMALS |
| THE NATIONAL SOCIETY FOR THE PREVENTION OF CRUELTY TO CHILDREN | £128,912,000.00 | EDUCATION/TRAINING |
| HARMSWORTH AND PUTNEY ANIMAL HOSPITALS TRUST | £124,403,000.00 | OTHER CHARITIES OR VOLUNTARY BODIES |
| ROYAL SOCIETY FOR THE PREVENTION OF CRUELTY TO ANIMALS | £124,403,000.00 | OTHER CHARITIES OR VOLUNTARY BODIES |
| PRIFYSGOL ABERYSTWYTH | £122,452,000.00 | CHILDREN/YOUNG PEOPLE |
| THE ROYAL NATIONAL INSTITUTE OF BLIND PEOPLE | £114,450,000.00 | THE ADVANCEMENT OF HEALTH OR SAVING OF LIVES |
| COMMUNITY INTEGRATED CARE | £107,003,000.00 | DISABILITY |
| THE PRIORY OF ENGLAND AND THE ISLANDS OF THE MOST VENERABLE ORDER OF THE HOSPITAL OF ST. JOHN OF JERUSALEM | £106,900,000.00 | THE ADVANCEMENT OF HEALTH OR SAVING OF LIVES |
| UNIVERSITY OF WALES:TRINITY SAINT DAVID | £104,650,000.00 | ARTS/CULTURE/HERITAGE/SCIENCE |
| THE GUIDE DOGS FOR THE BLIND ASSOCIATION | £103,700,000.00 | PEOPLE WITH DISABILITIES |
| THE UNITED KINGDOM COMMITTEE FOR UNICEF | £100,708,000.00 | EDUCATION/TRAINING |
