Trustees are legally obliged to comply with charity law requirements and other laws applicable to the charity, so compliance with relevant data protection legislation is a fundamental part of a trustee’s responsibilities.
Many charities have boards and committees that oversee data protection matters and provide senior level oversight as there is the significant reputational risk when things go wrong. Accordingly, accountability sits with the charities’ senior management, i.e. the trustees. There should also be senior level oversight of data protection risks and mitigations, including, but not limited to, the signing-off of data protection policies and procedures as appropriate.
Trustees may also be personally liable for any financial loss they cause or help to cause. Trustees, therefore, have significant responsibilities.