The General Data Protection Regulation, which introduces tougher restrictions on how charities can handle people's personal data, comes into force today.
The EU legislation brings in stricter standards for when and how organisations, including charities, can contact people or process and store their data.
The rules will enable people to more easily withdraw consent for the use of their personal data and allow them to require an organisation to disclose the personal data it holds on them for free.
People will be given the right to be told of serious breaches to their data.
The legislation will also allow the Information Commissioner’s Office to levy fines of up to £17m, or 4 per cent of global turnover, on organisations that breach the rules, and carry out "no-notice" inspections on an organisation's premises without a warrant.
The new rules were enshrined in UK law this week, meaning they will remain in force even after the UK leaves the EU next year.
At the start of May, the ICO published the final version of its guidance on consent under the GDPR.
The regulator has sought to reassure small charities that it will not rush to issue huge fines against them as soon as the regulations became live.
Elizabeth Denham, the Information Commissioner, said in a statement today: "Almost everything we do – keeping in touch with friends on social media, shopping online, exercising, driving and even watching television – leaves a digital trail of personal data.
"We know that sharing our data safely and efficiently can make our lives easier, but that digital trail is valuable. It’s important that it stays safe and is used only in ways that people would expect and can control."
Margot James, the minister for digital and the creative industries, said in a statement: "Today marks a milestone in the internet era, with new laws to put power back in people’s hands so they can be sure the information they share online is safe.
"The Information Commissioner has been given the tools she needs to make sure organisations are held to account when they misuse or compromise data, but she has been clear they will be applied proportionately and adequately to help businesses prepare."