Industry Guides
Data Protection for NGOs and Churches
Guidance for Jamaican non-profits, churches, and charities on handling member, donor, and beneficiary data under the DPA.
What you will learn
- The member, donor, and beneficiary data you hold
- Why some of this data is sensitive
- Handling fundraising, marketing, and volunteers
- Practical steps for organisations run largely by volunteers
Overview
Churches, charities, and other non-profits sit at the centre of community life and hold a lot of personal data: members, donors, volunteers, and the people they serve. Often run by volunteers, they still carry full responsibility under the Act. This guide explains how to manage it.
Why this matters
Some of what non-profits hold is sensitive, such as religious affiliation or the needs of vulnerable beneficiaries. Supporters trust the organisation with their details and their generosity. Handling that data well protects people and sustains trust.
The data you hold
- Members and congregants: contact details and, inherently, religious affiliation.
- Donors and supporters: contact and giving history.
- Volunteers: contact, availability, and sometimes background details.
- Beneficiaries: the people you serve, whose data may be sensitive (health, financial hardship, children).
Sensitive data
Membership of a church or similar body reveals religious belief, which is sensitive personal data (see What is Sensitive Personal Data?). Charity work may also involve health or hardship data. These need stronger justification and protection.
Fundraising and marketing
Appeals, newsletters, and event invitations are usually marketing, which generally needs clear consent and an easy opt-out (see Do I Need Consent?). Keep a record of who agreed to hear from you.
Common mistakes
- Treating member and donor lists casually because the organisation is small.
- Emailing the whole list for fundraising without consent.
- Storing beneficiary details in shared, unprotected documents.
Best practices
- Give members, donors, and beneficiaries a simple privacy notice.
- Limit who can access sensitive beneficiary and member data.
- Get consent for fundraising and keep records of preferences.
- Train volunteers on basic data handling.
Put this into practice
Create a privacy notice for your members, donors, and beneficiaries.
Generate a privacy noticeFrequently asked questions
Key takeaways
- Non-profits hold member, donor, volunteer, and beneficiary data.
- Membership of a religious or similar body is sensitive personal data.
- Fundraising and marketing usually need clear consent and easy opt-out.
- Volunteer-run organisations still carry the same responsibilities.
