ICO publishes GDPR FAQs for charities
The Information Commissioner has published a list of charities’ frequently asked questions on the GDPR.
The FAQs cover consent including where opt in is required, privacy notices, special category data, security, and when a data protection officer is necessary. They also cover small charities with links to its dedicated helpline for small organisations, its self-assessment tool, and its 12 steps to take now checklist.
There’s lots of help and advice on our website for charities preparing for the GDPR, including our new FAQs. https://t.co/RVAzoHKYfH pic.twitter.com/aI3rcIu3IU
— ICO – Information Commissioner's Office (@ICOnews) January 2, 2018
Advertisement
Under consent, the ICO says that consent will not be needed for postal marketing but will be needed for some calls and for texts and emails under PECR. It also says that if consent is not required under PECR legitimate interests for marketing activities can be used providing organisations show that how they use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.
In the FAQs, the ICO also says that it is not issuing specific guidance for charities with its guidance focusing on the general application of the law. However, it says it is engaging with representatives from the sector to assist them in producing their own sector-specific advice and guidance.