Compliance & Regulation
Essential Reading
Charity Commission Cybersecurity Requirements
The Charity Commission's 2023 guidance explicitly states that trustees are responsible for cybersecurity as a matter of charity governance — not just operational management.
GDPR for Charities
The ICO has issued enforcement notices and monetary penalties to charities of all sizes — charitable status provides no exemption from UK GDPR obligations.
Further Reading
Cyber Essentials for Charities
Government grants involving personal data now require Cyber Essentials certification — and NHS commissioning increasingly expects it from third-sector health and care providers.
Fundraising Regulator and Data Protection
The Fundraising Regulator upheld complaints against 28% of charities investigated for data protection failures in their fundraising practices in 2023.
Do Charities Need a Data Protection Officer? GDPR DPO Requirements Explained
Charities that process special category data about beneficiaries at scale — health charities, mental health services, domestic abuse organisations — are typically required to appoint a DPO.