Charity fundraisers must comply with the Data Protection Act 1998 but may find the following rules of thumb helpful. Fundraisers should not hold information on donors or prospects that charities would not feel comfortable sharing with those people.
Any information held by charities should not be used in a manner with which donors are uncomfortable, and the data must never be shared with others in a way donors disagree with.
When personal data is processed, fundraisers need to ensure it is done fairly and lawfully. Charities must ensure data subjects have not been deceived about the purpose for which their data is to be processed.
Data subjects should understand the purpose of any processing, and charities must meet conditions on being transparent about how they handle data - for example, by ensuring that people have consented to the processing.
Charities must be certain they have explicit consent for any processing of sensitive data, which might include racial or ethnic origins, political and religious opinions, information on subjects' sexual lives or health conditions, details of any offences committed by the subjects or whether they are members of any trade unions.
Personal data kept on subjects must be relevant and not excessive. It should be accurate and not kept for longer than necessary. Data subjects can write to data controllers to get information on how information is being processed, the description of the data, why it is being held and to whom it might be disclosed. They also have a right to obtain copies of data.
Personal data should not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures adequate protection for the rights and freedoms of data subjects.