What data protection considerations do I need to be aware of for my charity’s website?

  • Kirsteen Hook
  • Ellie Yeoman
  • 19 Feb 2025
Data Protection

Setting up a website for your charity is a great way to raise awareness, engage the public, and encourage donations. However, it is important to recognise that websites can serve multiple functions which may have data protection implications. To ensure compliance with data protection laws, key aspects to consider include a privacy notice, a cookie policy and consent banner, and website terms and conditions of sale.

Common ways charities may breach data protection laws

Charities should be particularly mindful of the following website functions where data protection issues commonly arise:

1. Cookies
2. ‘Contact us’ pages
3. Live chat functions
4. Newsletter signups
5. Online shops and donation platforms

Key data protection considerations

Privacy notice

If your charity’s website does not collect any personal data, it can still be useful to include your organisation’s privacy notice on the website, making it easily accessible to those who need to be able to see it.

However, most charity websites will collect some personal data, whether through contact forms, newsletter signups, or online donations. In these cases, a privacy notice is essential to explain what data is collected, how it is used, and how individuals can exercise their data rights as required by data protection laws.

Cookies

Cookies are small text files downloaded onto a website visitor’s computer or smartphone when they visit a website. Cookies are commonly used on websites, for example to help websites remember user preferences or past actions and to keep items in a shopping basket. However, unless cookies are classified as ‘necessary’ or ‘essential’ for the functioning of the website, user consent is required before they can be placed on a visitor’s device.

Best practice, as promoted by the Information Commissioner’s Office (ICO), includes:

  • Clear cookie banners that inform users about the cookies being used.
  • A ‘reject all’ button on the first layer of the cookie banner.
  • Ensuring ‘accept cookies’ buttons are not pre-ticked or more prominent than rejection options.
  • Providing an easy way to withdraw consent to cookies after it has been given.

Website terms and conditions of sale

If your charity sells charitable goods or services (or accepts donations) via its website then terms and conditions of sale should be clearly available. These terms help with transparency by setting out:

  • The contract terms applicable to purchases (or donations).
  • Data protection provisions, as website visitors may provide personal data such as their name, address, contact details and payment details for the purposes of the purchase.

Why do I need to comply with data protection law?

Failure by a charity to comply with data protection law poses many risks including enforcement action by the Information Commissioner’s Office, loss of business and loss of reputation. You can read more about this here.

Our data protection team has many years of experience in advising organisations on their compliance with UK data protection law. To speak to one of the team you can get in touch here or call us on 0800 2800 421.

Disclaimer

This information is intended for general informational purposes only and does not constitute legal advice. We recommend seeking professional advice before taking any action on the information provided. If you would like to discuss your specific circumstances, please feel free to contact us on 0800 2800 421.
