GDPR risks for charities

A number of UK charities have been fined by the ICO in recent years for misusing personal data in breach of data protection law. Charities issued with fines include the RSPCA, British Heart Foundation and Cancer Research UK, to name just a few.

Key areas in which charities are commonly found to be non-compliant with the GDPR include:

Sending direct marketing communications without consent

Failing to notify individuals of wealth screening and data matching

Processing special category data without due care and protection

Failing to secure personal data, leaving it exposed to data breaches

Accidental disclosure of personal data due to a lack of staff training

Failing to ensure that volunteer access to data is limited and secure