Laceys Solicitors Laceys is a leading, forward-thinking law firm with specialist experts serving both individual and business clients across a broad spectrum of practice areas.




Are you a Charity? Make sure you comply with data protection laws.

5th December 2016 by Are you a Charity? Make sure you comply with data protection laws.

Categories: Charity News
Tags: , ,

Marketing is crucial to the vast majority of charities. Without building awareness of their cause, they cannot raise funds or carry outs their functions.

Yet the Information Commissioner’s Office (the body in charge of overseeing compliance with data protection legislation in the UK) is showing itself increasingly willing to fine organisations that fail to ensure their marketing is carried out in accordance with individuals’ rights. In particular, the ICO has warned any organisation making nuisance calls and emails to expect increased fines.


Some charities assume that, because an individual has made a donation and provided the charity with their contact details, they are entitled to call or email them in order to market the organisation’s services, advise them of a new campaign or seek further donations. Unfortunately for these charities, the process is a little more complicated.

The ability to make marketing calls and emails are governed by various pieces of legislation.

As a summary for INDIVIDUALS: 

  • Organisations can send marketing emails to individuals if;
    • They have the prior consent of that individual or;
    • They have: (a) provided similar goods and services to that individual previously, and (b) the organisation gave the individual a simple way to opt out of receiving marketing emails both when they first collected the individual’s details and in every marketing message they then send, and the person has not opted out.
  • If at any point the individual asks you to stop sending marketing emails then you should comply with this request and remove them from your database.
  • Marketing phone calls cannot be made to any individual that has indicated that they do not want to receive such calls or is listed on the Telephone Preference Service (TPS), unless they have given their express consent to you to be contacted for such purposes by phone. Charities looking to make marketing calls should therefore check the TPS list before making calls and keep an updated listed of anyone who has opted out of receiving any such communication.

As a summary for BUSINESSES:

  • The rules for calling businesses for marketing purposes are the same, except that there is a different list; the Corporate Telephone Preference Service (CTPS). Again charities looking to make such calls should check the CTPS list and keep a list of businesses that have opted out of receiving marketing calls.
  • When emailing businesses, sole traders and partnerships are all treated as individuals, and so the above rules regarding sending emails will apply. Incorporated bodies such as companies and limited liability partnerships are not governed by these rules, and so you are free to send marketing emails to such corporations. However, it is good practice (not to mention good business sense) to keep a ‘do not email’ list and screen any new marketing lists against that. Many find it difficult to determine whether or not a business is incorporated. If in doubt treat such businesses as if they were individuals.


  • The change to the Code of Fundraising Practice which gives extra protection to those receiving marketing.
  • Using contact details provided by someone other than the individual you will be contacting. Are you confident that the individual has given their consent to your charity contacting them? Be equally careful when passing on contact details to third parties (you will usually require the individual’s consent in order to do this).
  • The above is in addition to, and does not replace, the obligations set out in the Data Protection Act 1998 (for example the obligation to process personal data fairly).
  • The above is set to change over the next two years due to changes made across the EU regarding the protection of personal data. Keep an eye on updates regarding this.

With the worst offenders being issued with fines for over £1,000,000 it is important to ensure that any marketing activity is done correctly. Not only will this avoid a financial penalty, but also help prevent any negative publicity regarding your charity (or complaints from the very individuals you are trying to seek funding from, or otherwise work with).

Remember that data protection applies to more than just marketing. The Alzheimer’s Society received an enforcement notice not too long ago for its “disappointing attitude” towards handling the sensitive personal data of its beneficiaries, and so not for profit organisations are by no means exempt from the ICO’s investigatory powers.

Close X