Select Page

Michael Jones











Michael Jones – Audit Manager

01792 484555


An alert to all charities 

Bevan & Buckland would like to inform trustees they must ensure that there are systems in place at their charity to identify and comply with any data protection laws and regulations that apply to its activities.

Following data protection law is a critical compliance area for any charity that handles personal information. It includes, but is not restricted to, collection, use and storage of donors’ personal data. After referring to the Commission’s guidance Bevan & Buckland would like to make it clear that trustees are responsible for having systems and processes in place at their charity to ensure that its fundraising is compliant with this legislation.

Bevan & Buckland have issued this alert to support trustees as well as remind them of their legal duties and responsibilities in this area. The key steps regulators expect trustees and charities to immediately take are;

  • Immediately cease any activity without explicit consent 
  • Review your activities in the areas of data collection, storage and use 
  • Review your current data governance systems and processes to ensure they are fit for purpose 
  • Where breaches are identified, review the requirements for reporting to the ICO and comply
  • Where breaches have occurred consider the risk to those whose data has been breached and undertake any action required to mitigate risks to those individuals and their data 
  • Notify the Charity Commission about any investigation of their charity by the Information Commissioner by reporting a serious incident

Further information for charities is available on the Information Commissioner’s website, in the Commission’s guidance and in The Code of Fundraising Practice, provided by the Fundraising Regulator.


If you would like more information, please contact Michael Jones (Audit Manager) on 01792 484555 or email