Book online

Event Summary

The DUAA 2025 and the ICO’s new soft opt‑in guidance bring important changes to how charities collect, use and share personal data. Our Data Protection for Charities online training course helps you understand these updates and gives you the practical knowledge to handle personal data safely, ethically and in a way that builds trust with supporters, beneficiaries and volunteers.

Learn the key rules that govern fundraising and supporter engagement, including how fundraising activities fall within UK direct marketing law, and the transparency information charities must provide when collecting personal data under UK GDPR and PECR.

Understand how to use third‑party and public data safely and follow ICO due diligence expectations for CRMs and fundraising platforms and spot practices that may be intrusive or high risk. Understand the difference between fair and intrusive profiling and learn what DUAA 2025 means for transparency around automated decisions and AI.

Gain expert guidance on how to apply the charity soft opt‑in correctly, keep accurate consent and opt‑out records, and communicate with supporters in a compliant and respectful way. Learn when a DPIA is needed, how to identify risks, choose practical mitigations and document your decisions clearly.

By the end of the day, you will have a clear, practical understanding of how to strengthen everyday data protection across your organisation and support colleagues to follow good practice.

Trainers

Tim Turner

Data Protection Expert and Trainer

Who should attend

This training is designed for those responsible for data protection in charities and not-for-profit organisations, including:

Marketing and Communications Teams
Partnerships and Engagement Teams
Fundraising Teams
Business Development Teams
Directors and CEO’s

Online Training

Participate in live training online
Group work and practical scenarios
Course materials

I found it really valuable to be around others in the same position as myself, sharing common challenges faced by charity sector.
Louise Hallam, Yorkshire Adoption Agency

Very good information. I learned a lot. Also enjoyed the breakout session.
Frank Anti, Lewisham Multilingual Advice Service

This was an excellent balance between learning and networking.
Naomi John, The Inflammatory Breast Cancer Network UK

Very interesting and useful to be in a session with likeminded peers experiencing the same challenges.
Lynne Maltman, Music Support

Course Outcomes

Improve your charity’s data collection, processing and storage to meet DUAA and UK GDPR standards
Identify what charities must tell people to make supporter and service user journeys more transparent
Use third party and public data safely by following ICO due diligence expectations
Know the difference between fair and intrusive profiling in fundraising
Apply AI transparency rules under DUAA when profiling supporters
Apply the charity soft opt‑in correctly and keep accurate consent and opt‑out records
Recognise when a DPIA is needed and document risks and mitigations clearly
Prepare confidently for ICO audits by keeping documentation current and managing incidents well

Agenda

09:45 -10:00

Course Introduction

Tim Turner

Data Protection Expert and Trainer

10:00 – 10:30

The Basics of Marketing and Data Protection

Why is fundraising treated as direct marketing under UK GDPR and PECR?
What marketing rules apply to charities?
Why data protection matters for donor, beneficiary and volunteer trust
Good data handling practices that strengthen relationships

10:30 – 11:00

Putting Transparency in Practice

What must you tell people when collecting personal data?
Why charities have struggled (consent, wealth screening, bought lists)
How to offer clear supporter choices
Examples of strong charity transparency in action

11:00 - 11:15

Morning Break

11:15 –12:00

Using Third Party and Public Data Safely

Manging third‑party data
ICO due diligence guidance for CRMs, fundraising platforms and data brokers
How to use public information ethically
What to avoid? Intrusive or high risk practices

Participants will engage in scenario-based discussion exercise

12:00 – 12:30

Profiling Potential Donors

Informing people about profiling? What and when?
What counts as fair vs intrusive profiling
Transparency for automated decision making and AI under DUAA 2025

12:30 – 13:00

Sending Promotional Messages

How the charity soft opt-in works
When the charitable purposes soft opt-in applies
What counts as “support” or “interest”
Safeguarding considerations for vulnerable individuals
Keeping accurate consent and opt-out records

13:00 – 14:00

Lunch

14:00 14:45

Data Protection Impact Assessments (DPIAs)

When a DPIA is required
High risk charity activities (vulnerable people, case‑management systems, profiling, AI tools)
How to identify risks and choose practical mitigations
What the ICO expects you to document

14:45 – 15:15

Preparing for ICO Audits

Keeping your core documents audit ready
Reviewing privacy and data collection practice
Doing your due diligence on supporters, suppliers and platforms
Checking DPIAs cover your real risks
Preparing for incidents

15:15 – 15:30

Review of the Day

Useful resources
Final questions and feedback

15:30

Close of Course

Tim Turner

Data Protection Expert and Trainer

CPD

This training is CPD certified.

Contribute 6 hours towards your Continuing Professional Development (CPD)
Receive a certificate of attendance.

In-house Training

Westminster Insight provides bespoke training at a time and place to suit you and your organisation’s needs. All our courses can be provided online, at your place of work or a venue of your choice. Additionally, we can tailor or create a course to suit the exact needs of your organisation. We will discuss the learning outcomes with you and tailor the training to the needs of your organisation.

Benefits of in-house training:

Flexible – Schedule a course date and times that work best for you and your teams. Upskill your teams immediately as training needs arise. Choose from in-person or online and bring your teams together to learn in an interactive, friendly environment.

Cost-effective – Train groups of individuals working in the same organisation without incurring travel or accommodation costs.

Customised Content – Our experienced trainers work with you to ensure that the course content is tailored to meet the needs of your teams and organisation. Benefit from the opportunity to have in-depth discussions about scenarios in your organisation in a confidential forum.

Find out more about our tailored training solutions by contacting us at [email protected]

Download Training Catalogue

Handling Data Subject Access Requests Online Training

Wednesday 20th May 2026

Data and Technology Training Courses

Preventing and Responding to a Data Breach Online Training

Tuesday 21st April 2026

Data and Technology Training Courses

Data Protection for Charities

Online Training

Event Summary

Course Outcomes

Agenda