The Glasgow Children’s Hospital Charity has said the new legislation means it could lose up to two thirds of its supporters
A charity has expressed fear that new data protection regulation could cost it tens of thousands of pounds a year.
The GDPR legislation came into force on Friday (25 May), and aims to give people more control over their personal data.
Under the new rules people must give consent for organisations to hold their information, and the Glasgow Children’s Hospital Charity has said it is worried it may see a drop in donations – despite working over the last 18 months to ensure it is prepared for GDPR.
Shona Cardle, chief executive of the charity, said it feared losing up to two thirds of its supporters and tens of thousands of pounds a year in donations, and urged those who have backed the organisation to stay in touch.
“As the clock ticked down to GDPR coming into effect, we – like many other charities and voluntary organisations – risk losing touch with a large number of our supporters,” she said.
“GDPR has many clear benefits, and as a sector we are acutely aware of the importance of transparency, honesty and respect for our donors. This is not about bombarding supporters with a flood of direct mail, or hoarding contact details.
“It’s about sharing the wonderful work and the impact that supporters have made possible.
“We all lead such busy lives and there is so much information out there about the new legislation. We’re concerned that a general indifference to GDPR will lead to supporters losing touch with charities by default, rather than design, but there is still time to get in touch and stay with us.”
Cardle said the charity is concerned that it no longer had a legitimate interest to keep in touch with those who have made donations, and urged supporters to return response forms that have been sent out.
Deputy commissioner for policy at the ICO Steve Wood said it is important to consider whether fresh consent is needed before contacting supporters.
He said: "You do not need to automatically refresh all existing consents in preparation for the new law. But the GDPR sets the bar high for consent, so it’s important to check your processes and records to be sure existing consents meet the GDPR standard. If they do there is no need to obtain fresh consent.
"Where you have an existing relationship with customers who have purchased goods or services from you it may not be necessary to obtain fresh consent."
Wood added that consent is one of only six lawful bases for being compliant with GDPR and is often misunderstood.
TFN Poll: Will GDPR devastate charity incomes?
Further information and resources for charities on GDPR is available on the ICO website.