Following the news made public on Monday that the Fundraising Regulator has referred 59 charities to the Information Commissioner’s Office (ICO) for failing to comply with requests to unsubscribe made via the Fundraising Preference Service (FPS), the regulatory focus is again on marketing and fundraising. The FPS is a service operated by the Fundraising Regulator which enables members of the public to unsubscribe from receiving marketing and fundraising communications from charities by direct mail, e-mail, text and phone.
Many fundraising organisations find the rules around sending marketing communications complex since they have to consider the requirements under the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulations (PECR) and the Fundraising Regulator’s Code of Fundraising Practice. Certain aspects have been or are still not straightforward. Indeed, the Fundraising Regulator recently announced that the time period for charities actioning suppression requests made via the FPS would reduce from 28 days to 21 days from 1st March 2019. Whereas PECR still allows for a 28 day period for actioning suppression requests for fax and telephone marketing.
The action by the Fundraising Regulator demonstrates that all organisations must put in place proper procedures to ensure that when they receive an unsubscribe request (whether that be directly or via a notification from the FPS), they act promptly and effectively to cease sending marketing communications. Additionally, it is also important for organisations to have a clear sense of what communications they send count as marketing/ fundraising and what communications arguably do not. It is also a clear sign that the Fundraising Regulator will liaise with the ICO (and the Charity Commission) over enforcement action against charities.
Organisations now facing a possible investigation from the ICO due to the reference from the Fundraising Regulator should carefully consider how they can demonstrate they took appropriate steps to comply. The previous enforcement action that the ICO took against a number of charities in 2016/ 2017 for misusing donor’s personal data underlined that the ICO expects charities to comply with the regulatory requirements and will take enforcement action against significant failures.
Posted on 06/03/2019 in Legal UpdatesBack to Knowledge