GDPR Resources


On this page we’ve put together a set of resources about GDPR (General Data Protection Regulation). We’re doing this so that those in the charity sector – and interested parties outside it – can learn about the practices by which the sector complies with these regulations.

We begin with some general information on GDPR.

We follow with the ways GDPR relates to fundraising, and then prospect research.

After this, we have a section listing resources on privacy impact assessments.

Finally we have a section on privacy notices.

We hope this list of resources is useful – if you have any questions or comments for us relating to GDPR, or any recommended resources, please get in touch.

Factary information

  • Factary: Data Protection, Consent and Prospect Research
    This blogpost provides a brief history of data protection and prospect research, including the 2015 Etherington Review, which outlined recommendations for the future of fundraising. (Please note this post is from 2016 when ‘consent’ was being pushed as the only option for lawfully processing data.)
  • Factary: Prospect Research and Legitimate Interests
    In this paper we address the confusion and uncertainty for prospect researchers and fundraising teams owing to the lack of non-profit-specific guidance on GDPR. We clarify both Consent and Legitimate Interests, the relevant conditions to be relied upon for processing data. We especially concentrate on Legitimate Interests, which has been overlooked by many sources in favour of Consent. We hope this paper will help non-profits decide which approach is best for them.
  • Factary: Guide to GDPR compliant wealth screening (PDF)
    This paper is intended to outline how best to approach planning for a wealth screening under GDPR. We refer specifically to third party screening – that said, the information and processes outlined can also be applied to other forms of prospect research.
  • Factary: Why Factary is GDPR compliant – a one-page summary
    This one-page document summarises why Factary’s screening process is GDPR-compliant.

GDPR and fundraising