Data Protection for Charities



The following information has been prepared by the States of Guernsey, Data Protection Commissioner's Office.

The Data Protection (Bailiwick of Guernsey) Law, 2001

Charities may be exempt from having to register with the Data Protection Commissioner.  To claim the exemption it is necessary for the Charity to be making no commercial profits or else be using any such profits for the furtherance of its legitimate activities.

If exempted from the need to register Charities nevertheless must abide by the other requirements of the Data Protection Law (the Law).  The Law says that all organizations must respect the fundamental rights of individuals in regard to the handling of their personal information.

If any information identifies a living individual then that information is personal information and so is covered by the law.  Many people think that the Law only applies to personal information held on computer; while it does indeed apply to computerized information it also applies to information processed on all other electronic equipment including CCTV cameras and answer-phones.  Paper records are now also covered by the Law.

When information is obtained this must be done with the consent of the individual or with the consent of the nominated representative of that individual.  The person must be informed about how their information will be used and if it will be disclosed to any person or organization outside the Charity.  This is especially important when sensitive information such as health data is collected.

Once obtained it must be used only for the purposes that were agreed at the time of collection.  If it is needed for any other reason then the person must be contacted and their consent obtained.  One must also be certain that the information held is suitable for the purposes of the Charity in that it is adequate and not excessive for its activities.  Accuracy of information is paramount and when there is no longer any need to use information it must be disposed off; it should not be retained if there is no purpose in keeping it.  In certain cases there may be a legal obligation to retain the data.

 

The Law gives people the right to have access to their information and so records must be processed to a good standard especially where accuracy is concerned.  In addition the records must be kept secure, and those who work for the Charity must be aware of their confidentiality obligations and not disclose any information to anyone who does not have any connection with the Charity.

For more information about the Data Protection Law see “Data Protection-Guidance for Charities / Not-For-Profit Organisations”.

 

The address is:

Data Protection Commissioner's Office
PO Box 642
Frances House
Sir William Place
St Peter Port
Guernsey GY1 1JE

Tel: (01481) 742071
Fax: (01481) 742077
   

This information is offered to assist charitable organisations.  It should not be regarded as comprehensive and charities should take appropriate advice to ensure they comply with their obligations.  The Association of Guernsey Charities accepts no responsibility for any person or organisation using these guidelines.