GDPR: A work in progress

ACF has received several queries recently from members concerned about how the General Data Protection Regulation (GDPR) may affect foundations. The implications for foundations are not clear yet as there is no such specific guidance, but this brief blog provides an update of what we know, what we don’t know, and what to expect in the coming months.

What is it?

The GDPR is an EU legal framework which sets an updated standard of data protection for organisations across the EU and for any organisations that process the data of individuals in member states even if they aren’t in the EU. It is due to come into force in the UK on 25 May 2018, and the government has stated that the UK’s withdrawal from the EU will not affect its commencement.

What do we know?

While there are many similarities between the new framework and the UK’s existing Data Protection Act 1998, there will be changes in some key areas including:

  • Consent
  • Principles of accountability
  • Lawful processing
  • Children’s personal data

The Information Commissioner’s Office (ICO) has produced guidance to help all organisations understand the requirements; click here to access it. It has also provided some sector specific guidance including a page for charities, which can be accessed here.  

However a great deal of guidance for charities has been designed with service providing and fundraising charities in mind. This means that for foundations, or other charities which use data for purposes other than direct marketing, understanding the requirements and assessing the impact can be challenging. 

What is ACF doing?

ACF is working closely with members, experts and other umbrella bodies across the voluntary sector to identify the issues for foundations and find answers to member queries. We are aiming to publish a briefing note on the GDPR as soon as we have some clarity and confirmation as to what the issues and solutions might be. We are also exploring the possibility of hosting a briefing event or training session for foundations.

What are the issues?

The implications for foundations are not yet fully clear, but our own research and contact with members has suggested that the issues may include:

  • Where is the line drawn between individual and organisational consent?
  • What constitutes marketing materials in the context of a foundation or other non-fundraising charity? Might it include, for example, promotion of a new grant programme or funding opportunity?

What next?

It would be good to hear from you whether you have logged any further issues in relation to your practice, and also if you have already sought professional advice on the issues that you would be willing to share.

We will continue to work with others in the sector to find out more and keep members informed. If you have any further thoughts, questions or suggestions, please contact Emma Hutchins, ACF's Policy and Communications Officer.

Useful links:

ICO’s overview of the GDPR 
ICO’s support for charities 
ICO’s current guide to data protection 

We support UK foundations and grant-making charities