Change text size:

Ellie Williams  

Solicitor, Private Client

Get in touch
Ellie Williams

Search for a team member

Warning as charities fall foul of data protection laws


Article date:  28/04/2017

With news that 11 charities have been fined hundreds of thousands of pounds for the misuse of personal data, specialists from a leading Midlands law firm have urged charity trustees and their fundraisers to make sure they fully understand the law or risk damaging their charity's reputation.

Ellie Williams, a specialist charity lawyer at Higgs & Sons, noted that investigations by the Information Commissioners Office (ICO) had revealed that a number of household name charities had secretly screened millions of donors so that they could target them for additional funds.

Financial penalties were imposed, totalling in the region of £138,000, for contraventions of the Data Protection Act and the Privacy and Electronic Communications Act. As a result, the Charity Commission has also opened compliance cases into all 11 charities to assess whether they acted in accordance with their duties under charity law.

Ellie highlighted that such penalties emphasised how important it was for charity trustees to fully understand and comply with their obligations under data protection laws, particularly in light of the introduction of the General Data Protection Regulation (GDPR) which comes into force in May 2018. 

"The outcome of this investigation highlights the huge impact not following these requirements can have on a charity, both from a financial point of view and the damage it can do to public trust and confidence," Ellie added.

"It is clear that charities need to have a clear understanding of their obligations and familiarise themselves with guidance available from the Charity Commission, the ICO and the Fundraising Regulator.  Fundraising is currently a self-regulatory system, but the Government do have the power to withdraw this if the Sector is not able to follow the rules.

"It is equally important that they report any serious incident which arises to the Charity Commission and co-operate with any subsequent inquiries by the Commission and any ICO investigation. Higgs & Sons can assist charity trustees in reporting a serious incident.  We can also help charity trustees to review their fundraising procedures to ensure that they are fit for purpose and up to date to avoid serious incidents occurring in the first place."

Katie Doyle, a data protection specialist in the Commercial team at Higgs & Sons, says that it is especially important that charities keep abreast of current regulations, with the biggest shake-up of data protection regulations seen in the last 20 years due to come into force on 25th May  2018, with the GDPR.

"The GDPR will see greater obligations placed on organisations, with more responsibility on any organisation that is holding or using personal data.. Consent to use personal data will be harder to obtain and an individual will be entitled to withdraw consent at any time," said Katie.

"Fines are currently limited at £500,000, however, under the GDPR, they will be limited to 4% of an organisation's worldwide turnover, at the discretion of the ICO."

"The GDPR clearly presents a risk to charities and businesses if they are not fully aware of the changes and prepared for them. We urge all organisations (charitable or otherwise) to take note of the recent action by the ICO and take this opportunity to review their data protection policies and procedures, to avoid the risk of falling foul of present and forthcoming data protection laws.

"Higgs & Sons will be glad to assist with this process, or provide general data protection advice, and can organise data protection audits if required."

If you would like more advice on this issue, contact:

Higgs & Sons, based at offices on the Waterfront Business Park in Brierley Hill, boasts more than 100 specialist lawyers. For further details go to

View all articles for 2017

printer friendlyPrinter friendly