The frontpage headline of The Daily Telegraph today, 4th July 2017 – “Charities face £25k fines for pestering” – risks bluring some key issues.
The Fundraising Regulator is about the launch the Fundraising Preference Service (FPS). Rightly they are keen to promote this.
But the Fundraising Regulator has no powers to issue fines. That still rests with the ICO.
A refusal by a charity to implement a FPS suppression would eventually be a breach of the (longstanding) right that individuals have under the current Data Protection Act to object to Direct Marketing (Section 11).
In such cases, the ICO might consider a fine.
But it’s not certain, and is not set at £25,000. It would be assessed, as always, on a case-by-case basis by the ICO on the circumstances of the case.
So the well intentioned article has taken the highest fine issued by the ICO to charities and taken it as the figure that the ICO might fine.
The key is for all organisations to be able to demonstrate the processes and procedures they follow to manage supressions of Direct Marketing. For example:
(1) Knowing which communications are Direct Marketing, and which are not (e.g. which are administrative).
(2) Knowing where personal information is held – e.g. is it on one system, or more than one – and ensuring supressions are applied (i.e. not just deleting information, but marking the record as supressed).
(3) Having clear processes for receiving suppressions, and processing them within the 28 day timescale.