Industry Guides

Data Protection for NGOs and Churches

Guidance for Jamaican non-profits, churches, and charities on handling member, donor, and beneficiary data under the DPA.

Beginner 14 min
This module is general information, not legal advice, and is being reviewed by our legal team. For your specific situation, consult the official Data Protection Act, 2020 or seek professional advice.

What you will learn

  • The member, donor, and beneficiary data you hold
  • Why some of this data is sensitive
  • Handling fundraising, marketing, and volunteers
  • Practical steps for organisations run largely by volunteers

Overview

Churches, charities, and other non-profits sit at the centre of community life and hold a lot of personal data: members, donors, volunteers, and the people they serve. Often run by volunteers, they still carry full responsibility under the Act. This guide explains how to manage it.

Why this matters

Some of what non-profits hold is sensitive, such as religious affiliation or the needs of vulnerable beneficiaries. Supporters trust the organisation with their details and their generosity. Handling that data well protects people and sustains trust.

The data you hold

  • Members and congregants: contact details and, inherently, religious affiliation.
  • Donors and supporters: contact and giving history.
  • Volunteers: contact, availability, and sometimes background details.
  • Beneficiaries: the people you serve, whose data may be sensitive (health, financial hardship, children).
Watch out. Beneficiary data can be highly sensitive. Collect only what you need to help, and protect it carefully.

Sensitive data

Membership of a church or similar body reveals religious belief, which is sensitive personal data (see What is Sensitive Personal Data?). Charity work may also involve health or hardship data. These need stronger justification and protection.

Fundraising and marketing

Appeals, newsletters, and event invitations are usually marketing, which generally needs clear consent and an easy opt-out (see Do I Need Consent?). Keep a record of who agreed to hear from you.

Common mistakes

  • Treating member and donor lists casually because the organisation is small.
  • Emailing the whole list for fundraising without consent.
  • Storing beneficiary details in shared, unprotected documents.

Best practices

  • Give members, donors, and beneficiaries a simple privacy notice.
  • Limit who can access sensitive beneficiary and member data.
  • Get consent for fundraising and keep records of preferences.
  • Train volunteers on basic data handling.

Put this into practice

Create a privacy notice for your members, donors, and beneficiaries.

Generate a privacy notice

Frequently asked questions

Yes. Data revealing religious belief or membership is sensitive personal data and needs stronger protection.

Key takeaways

  • Non-profits hold member, donor, volunteer, and beneficiary data.
  • Membership of a religious or similar body is sensitive personal data.
  • Fundraising and marketing usually need clear consent and easy opt-out.
  • Volunteer-run organisations still carry the same responsibilities.

Related

Ask the Privacy Assistant

Beta