The Information Commissioner’s Office will publish more detailed guidance on processing data using the concept of legitimate interest under the General Data Protection Regulation.
Speaking at the National Council for Voluntary Organisations’ regulation conference in London yesterday, Steve Wood, the ICO’s deputy commissioner for policy, said the information would be added later this month to the ICO’s Guide to the GDPR, which was published in November.
The GDPR, new, more stringent EU data-protection legislation, is due to come into force on 25 May and will place further restrictions on how organisations, including charities, can process data and when they can contact people.
In some situations in which organisations do not have explicit consent to contact someone, they will be able to rely on arguing that they have a legitimate interest in doing so. The new guidance will give more detail on when and how legitimate interest can be used.
Speaking at the same event, Stephen Dunmore, chief executive of the Fundraising Regulator, said the regulator’s own guidance, aimed specifically at fundraisers and produced in partnership with the ICO, the Institute of Fundraising, the Charity Commission, the NCVO, the Wales Council for Voluntary Action and the Northern Ireland Council for Voluntary Action, would be published in the next couple of weeks.
He said the guidance had been "designed to be concise and accessible", and would look at the implications of the GDPR for community fundraising, corporate fundraising, legacies and fundraising from trusts and foundations.