Data Protection in the UK: A Sea Change for Charities and Non-Profits

Imagine riding a wave – the UK’s data protection landscape is about to take one! The upcoming Data Protection and Digital Information Bill (DPDI Bill) intends to introduce some changes on how we handle personal data in the UK. Charities and non-profits need to be prepared.

Steering the Ship: The Senior Responsible Individual

Think of the captain at the helm – the DPDI Bill may introduce the term, ‘Senior Responsible Individual (SRI)’. This person may look like the captain of your organisation’s data ship, making sure everything runs smoothly and that you arrive safely at your destination. SRIs need to be part of the senior management crew, and to know the ins and outs of the data protection legislation in order to be successful. This means a thorough understanding of data protection law won’t be an option, it’ll be a priority, and any lack of understanding will be no excuse. The SRI will be charged with ensuring the organisation is compliant, that record keeping is maintained and that personal data is handled lawfully and ethically.

Choppy Waters may be ahead: High-Risk Personal Data

You need to apply extra care to certain types of personal data. The DPDI Bill warns us about “high-risk” special category data such as data that reveals a health condition, your ethnicity or sexuality. Many non-profits and charities process a considerable amount of special category or sensitive personal data. Making sure you have a plan to ensure this activity is lawful and to protect the personal data is going to be a priority in 2024. Appointing a data protection officer (DPO) may have been seen as an option in the past, the SRI will be an unavoidable obligation. But don’t worry, you won’t have to navigate this storm alone – We are here to help!

Building a Lighthouse

Think of a lighthouse guiding ships through the night. Mapping your data journey, will ensure best practice, and avoid the hazards of non-compliance. By building a strong policy framework and ensuring your team are aware of their obligations, you can build trust with your audience and reduce the risk of regulatory enforcement action.

Beyond the Horizon: Other Changes to Consider

The DPDI Bill is likely to introduce many changes. Some of which are more impactful than other. There is good news such as the introduction of the “soft opt-in” for charities which will help to reduce the burden of gathering consent. Currently, for profit organisations are allowed to send marketing emails to existing customers based on their past purchases or interactions, without their explicit consent. The Bill proposes extending this to non-commercial transactions which could include the donations received by charities. Finding the right balance between offering relevant information and respecting individual preferences will still be the key to growing your income.

Conclusion

We are here to help you navigate these changes. It is highly likely that you will need to review your current procedures and policy decision. Hope & May will be launched a new SRI support service working alongside your SRI to guide and advise them with all of their new responsibilities

For further details about our DPO services or SRI support please call us on 0330 111 0013 or us the ‘Contact us’ button below to email us.

Get in touch