Skip to content
Home » Free resources » News & insights » This is how to stay GDPR-compliant while undertaking major donor research

February 11, 2025

This is how to stay GDPR-compliant while undertaking major donor research

Major donor research can help you secure significant gifts, but it must be undertaken in line with GDPR. By taking a privacy-by-design approach, understanding your legal basis for data processing, and maintaining transparency with your supporters, you can build trust and strengthen donor relationships.

With fewer people giving to charities, it’s still a challenging time for fundraisers. But it’s not all bad news, according to CAF’s UK Giving Report 2024, the UK public donated an estimated £13.9 billion to charity in 2023 – up £1.2 billion on 2022. The report also found that while fewer people are giving, they’re giving more – a good indicator that major gifts could be a viable income.

If you’ve never undertaken major gift fundraising before, it can be overwhelming – who do you ask, how do you know they’ll be interested and who in your organisation is best placed to approach them? When it comes to major gift fundraising, a little research can go a long way to helping you understand who has the capacity to give to your cause, the affinity to care about it and the connection that can make them easier to ask.

Major donor research comes with its own complications if you don’t know how to do it and stay GDPR-compliant. These three tips will help you get started.

Take a privacy-by-design approach to your supporters’ data

    A privacy-by-design approach isn’t just best-practice fundraising, it’s the only way to build long-lasting relationships with your supporters. Nothing breaches trust faster than a reckless attitude to their data. 

    Educate your supporters on the importance of research and wealth screening through open communication about why it’s a fundamental part of good fundraising. Assure them that their data is safe with you and that any processing is optional, this will build strong and loyal relationships and allow you to explain to your supporters the importance of philanthropy.

    Understand your legal basis for data processing

      There are six lawful grounds for processing data under GDPR, these are:

      1. Consent
      2. Contract
      3. Legal obligation
      4. Vital interests
      5. Public task
      6. Legitimate interest

      The most common legal grounds for processing data for fundraising-related purposes are legitimate interest (which must be balanced against the rights of the individual and is normally combined with the provision of fair processing) and consent in which the data subject has given their consent to your processing of their data. One is not legally better than the other, they are simply appropriate to rely on at different times.  

      Most organisations rely on legitimate interest for prospect research and wealth screening. To make this a valid option for your organisation, undertake a Legitimate Interest Assessment (LIA) which includes a balancing test to ensure that your research won’t infringe the rights of the individuals that you are researching.

      Tell your supporters about your major donor research

        This is the most important step when you’re undertaking major donor research! Telling your supporters can feel scary but research is not only perfectly lawful, it’s also expected by your high-profile supporters. Research allows you to make educated asks of your supporters and means you’re not wasting their time or yours. In the seven years since GDPR came into force, we have not seen any negative impact on donor relationships because of increased transparency – in fact the openness has really improved the fundraising and research landscape.   

        You can tell your supporters about your research via your privacy notice. Make sure you give them time to opt out of data processing – although seven years of experience tells us that very few will do so. Your privacy notice must be easy to understand and accessible via your website and on any sign-up forms or mailing lists that collect supporters’ data.

        Ready to learn more about getting data protection right for major gift fundraising? Join our free webinar on Thursday 27th of February, covering:

        • Major gifts, prospect research and regulation
        • The legal basis for your activities – how you can do prospect research and still comply with GDPR
        • Legitimate Interest – what does it mean and how to demonstrate it
        • Data Protection Impact Assessments – why, how and when
        • Fair processing information – getting it right
        • Using publicly accessible data sources
        • Applying this to wealth screening, desk research, due diligence
        • Data retention and minimisation

        Book your place.