Payroll Giving GDPR Changes

The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018, introducing an enhanced EU-wide data protection regime.

To ensure we meet the enhanced requirements, we are updating some of our processes, including our Payroll Giving Sign Up Form (full details below). We have created a new form which you need to download and start using now. 

Download your new Payroll Giving Sign Up Form >  

What has changed?

  1. Following the new GDPR principles, donors will now need to opt in to share their contact details with charities
  2. This is shown as four tick boxes: Post, Email, Phone, Text
  3. No boxes ticked (a ‘positive opt in’) will mean that no contact details will be passed to the charities
  4. This replaces the ‘opt out’ and anonymous option that is currently in place 
  5. Donors will now see information on how Charities Trust uses their data
  6. Our Privacy Policy has been updated to describe how we use and protect their data

What do you need to do? 

  1. You need to replace your existing version of our form with this new version
  2. Donors will need to use the new version going forward
  3. If you have your own version of the sign up form, you will need to update this in line with our new contact preferences and privacy information. We will not be able to accept any forms without these after the 25th May 2018

The principles

Under the GDPR, the data protection principles set out the main responsibilities for organisations.

Charities Trust will comply with the GDPR principles, which require that personal data is:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. Accurate and, where necessary, kept up to date
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures


For GDPR related queries, contact

For any other queries, contact

Last updated: 24 April 2018