In 2018 our Data Protection Act from 1998 will be replaced by the General Data Protection Regulations (GDPR). These have been written and agreed with all European Union nations, and will still apply in spite of the UK leaving the EU. Our Information Commissioner will uphold the new GDPR law and adopt it into UK law.
GDPR strengthens the rights of individuals and updates a 20-year-old Act. You can read the new regulations HERE.
An update to the specific areas of law relating to electronic communications and information is also coming. This goes into more detail than GDPR on areas like email, SMS, internet tracking, cookies and the like. It isn't finalised yet, but you can read a bit more about it HERE.
Both these updates to law will affect not just charities but businesses, too. They're far-reaching and intended to protect the rights and information of the individual. They do not apply to people outside of the EU/UK, but any organisation that holds or deals with data from an EU or UK citizen will have to abide by them - making them very important to you, the consumer.
We have taken advice and guidance from a number of sources to make sure we're applying not just the law but best practice to our own processes and communications. These include legal advice, advice from the Information Commissioner's Office, and guidance from the Institute of Fundraising, the Fundraising Regulator and the Direct Marketing Association.
We've also used direct feedback from our supporters to shape our practices (survey questions in our Response newsletter in 2015, and a survey in spring 2017). Our own governance is made up of people with a range of skills and lived experience invaluable to our decision-making, who have also been involved throughout.
We'll regularly review our practices and apply common-sense answers as best we can. You can read more about what we're doing to improve our practices with your data on these pages: