Fundraising Regulator and Data Protection: What Charities Must Have in Place

The Fundraising Regulator oversees fundraising practice in the UK charitable sector and has specific data protection requirements in its Code of Fundraising Practice that go beyond UK GDPR minimum standards. Following several high-profile fundraising data scandals — including the use of wealth screening and data matching without donor awareness — the sector has faced increased scrutiny over how supporter data is collected, used, and shared.

The Fundraising Regulator upheld complaints against 28% of charities investigated for data protection failures in their fundraising practices in 2023.

Fundraising Regulator Requirements for Data Use

The Fundraising Regulator's Code requires charities to:

- be transparent about how they use supporter data for fundraising (including profiling, wealth screening, and data matching);
- obtain proper consent for electronic marketing communications;
- use the Telephone Preference Service and Fundraising Preference Service appropriately;
- not use data in ways that damage trust or are likely to cause distress;
- maintain effective suppression processes for donors who have asked not to be contacted; and
- keep supporters' preferences up to date.

The Code also addresses the use of data brokers and data matching services: charities must ensure that data sources used for prospect research are legitimate and that supporters would not be surprised or distressed to discover their data had been obtained in this way.

Fundraising Preference Service and Donor Opt-Outs

The Fundraising Preference Service (FPS) allows members of the public to stop receiving fundraising communications from charities. Charities must check the FPS regularly (at least every three months for phone and direct mail campaigns) and suppress contacts who have registered. Failure to comply with FPS suppression requests is a breach of the Fundraising Regulator's Code and can result in a public reprimand or referral to the ICO. The FPS operates alongside — but separately from — the ICO's GDPR and PECR enforcement: a charity can fail FPS compliance while being technically GDPR compliant, and vice versa. Both must be addressed in the charity's data governance framework.
