GDPR Statement

This Statement provides information relating to the steps that Charities Trust is taking to ensure GDPR compliance.


Background

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations approach data privacy.

The new regulations come into force on 25 May 2018 and introduce an enhanced EU-wide data protection regime.


GDPR impact on Charities Trust

At Charities Trust we have been reviewing and, where necessary, updating our data protection practices; we have been developing our own systems, procedures, processes, policies etc. to ensure that internally we meet the enhanced GDPR requirements.

GDPR places an even greater emphasis on ‘privacy by design’, where data privacy is the default option.
This means that where we collect employee or donor data that we could potentially pass to a charity as part of the donation process, we will be changing our systems from 'Opt out' ("Please tick if you want to remain anonymous") to 'Opt in' ("Please tick which contact method(s) you want your charities to use to update you on their activities").


GDPR impact on companies working with Charities Trust

Our GDPR changes will affect the data we collect on your employees’ behalf.

We will be in contact with companies on a more personal level in the next few weeks, depending on how your employee data is collected. We’ll be explaining to you what we need you to do, or explaining to you when you will see the changes that we’ve made to your current process.


GDPR impact on donors

Donors will be able to manage their contact preferences for the charities they support. We will release more information on how to update preferences once the new system has been launched.


GDPR impact on charities receiving donor data from Charities Trust

Charities will have to act upon the contact preferences they receive for donors.


The principles

Under the GDPR, the data protection principles set out the main responsibilities for organisations.

Charities Trust will comply with the GDPR principles, which require that personal data is:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. Accurate and, where necessary, kept up to date
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures


Contacts

For general GDPR-related questions, contact gdpr@charitiestrust.org



Date of statement: February 2018