The charity sector was given a head start on businesses in preparing for the General Data Protection Regulation because of the fines issued by the Information Commissioner’s Office, John Mitchison of the Direct Marketing Association has said.
Speaking at Third Sector’s Fundraising Conference in central London this morning, Mitchison, head of preference services, compliance and legal at the DMA, said the fines had led the sector to begin preparing for the new law, which comes into force on Friday, earlier than they might otherwise have done.
The ICO handed out fines totalling £181,000 to 13 charities across six months in 2016 and 2017 after the Daily Mail and The Mail on Sunday newspapers carried out investigations into fundraising practices involving several major charities.
The fines were issued as penalties for breaching existing rules under the Data Protection Act 1998, but Mitcheson said they had changed the way charities approached the introduction of the GDPR.
"I think all of that furore in the charity sector at the time, which was kicked off by the Daily Mail, actually gave a lot of charities and fundraisers a head start on preparing for the GDPR because they were already putting their processes in a better position before everybody else was," said Mitchison.
Other members of the panel, including Gerald Oppenheim, head of policy and communications at the Fundraising Regulator, agreed.
"What we’ve seen at the Fundraising Regulator in the last couple of years is a huge sea change in the way charities have approached the data they hold," Oppenheim said.
"They’ve been very questioning in a good way about what they have and why they have it, and that’s really good."
He said that Elizabeth Denham, the Information Commissioner, had also been very clear that the ICO would seek to help any organisation that ran into difficulties after Friday.
J Cromack, chief executive of the data analytics company Wood For Trees, said he had attended similar events for mid-sized businesses where awareness of the requirements of the GDPR had been very low compared with that shown by charities.
"I’d say the charity sector is a long way ahead of a lot of other organisations because of what happened in the last few years," said Cromack.
He said he believed some organisations had adopted a policy of ensuring they had opt-in consent to contact all of their supporters, which is one option for complying with the GDPR, because the fines had created a fear that all consent would have to be opt-in.