Protecting personal data

You may handle information about other people whilst fundraising, most likely volunteers, donors and event participants. BHF is legally obliged to ensure that care is taken where our supporters' data is used, so it’s important you take this same care when acting on our behalf.



Our guidance below outlines best practices when handling data, so we ask you to read through this to feel confident you’re handling data in the right way. Proper handling of Personal Data shows we respect people’s information, which fosters confidence in BHF. Mistakes could result in bad publicity, legal action or even fines.

Personal data is information that relates to a living individual who can be identified from that data, such as name and address. Sensitive personal data identifies things such as someone’s racial or ethnic origin, political or religious beliefs, physical or mental health, or their sexuality or criminal past. As volunteers we would not expect you to be collecting data that could be considered Sensitive Personal Data.

Data Protection laws set out a framework for safeguarding Personal Data and this framework covers people’s rights and responsibilities when communicating by post, phone, email, text message or other electronic communications. There are 8 principles of Data Protection which lay the foundation for proper handling of Personal Data and we ask you to be aware of 2 of these principles in particular, as these apply to your role and will help ensure that BHF complies with Data Protection laws.

1) Personal Data should be processed fairly and lawfully.  This means you should;

  • Only collect data if you have a legitimate need to do so, such as registering someone for a fundraising event.
  • Only use Personal Data in ways that people would reasonably expect, such as collecting contact details when registering someone for an event so that we can share information about that event with them
  • Tell people why we are collecting their information and what we will do with it.
  • Obtain permission for contacting someone in future using personal data collected
  • Never share Sensitive Personal Data with anyone outside of the branch or group before speaking to your Fundraising Manager or obtaining the individual’s explicit consent

2) Personal Data must be kept securely

  • Files and papers containing personal data should be kept to a minimum and should be stored securely at all times – ideally locked away – and should be shredded or destroyed after use.
  • Be clear about who has access to the data and make sure this is limited to necessary people only.
  • Keep the quantity of Personal Data stored on personal computers to a minimum and delete the data when it is no longer needed.  Make sure the computer is password protected and password-protect documents containing Personal Data.
  • If you need to send a large quantity of Personal Data e.g. a spreadsheet with donor details, ensure the spreadsheet is password protected and send the password in a separate email or by telephone.

It is important to protect Personal Data from the point of collection right through to its destruction. It's also important to only collect and use Personal Data for the intended purpose, to keep data up to date and accurate and only keep it for as long as we need and to not collect excessive or unnecessary information. 
Please keep all of this in mind when working with supporter data and if you have any questions, please contact your Fundraising Manager.