HMRC recently updated the Chapter 3 Gift Aid guidance (Sections 3.6.6, 3.7.1 and 3.9.1) to include information about requirements relevant to the General Data Protection Regulations (GDPR).
Keren Caird’s presentation to the Gift Aid practical issues working group provides a detailed overview of the implications of GDPR for Gift Aid and can be accessed here.
The relevant sections of the updated HMRC guidance are reproduced below:
[3.6 Gift Aid declarations]
3.6.6 A charity may want to add more information and notes of its own on a declaration form. For example, the inclusion of any General Data Protection Regulations (GDPR) that the charity feel is needed. HMRC has no objection to this or to the inclusion of a declaration in other documents, such as standing order mandates, provided the statutory requirements for a Gift Aid declaration are met.
[Chapter 3.7 Recording and audit of Gift Aid declarations]
3.7.1 HMRC is required to ensure that any tax repaid to a charity is properly due and correctly calculated. HMRC does this by carrying out inspections to check that Gift Aid claims are made for the correct amounts and are backed by valid Gift Aid declarations and clear audit trails for the donations received. Section 3.7.2 will tell a charity how to be to be compliant for Gift Aid audit purposes. In addition to this, a charity should also be mindful of any GDPR obligations.
[Chapter 3.9 Further information on the contents of the Gift Aid declaration]
3.9.1 The donor’s name and home address
The declaration should show:
- the donor’s full name – as a minimum HMRC will accept the donor’s initial and surname
- the donor’s full home postal address – as a minimum HMRC will accept the number (or name as appropriate) of their home and their full postcode
If HMRC finds the details on a declaration are not enough to trace the donor, they may ask the charity to get more information to check the claim. If the charity fails to get this information, it’s likely that the declaration will be considered invalid. We would recommend that charities ask donors at regular intervals, possibly every 2 years, to check the personal details held. Any request like this would have to be GDPR compliant.
If a donor changes their name or address, this will not invalidate the declaration. If the charity is notified of a change in the donor’s name or address, it must keep a record of the updated information – this can be kept as an electronic copy such as a scanned document. The declaration itself does not need to be amended, but a record of the change should be kept on the charity’s database.