Charity Social Media Policy Guide
A charity social media policy sets out how your charity uses social media accounts, who can post, what tone and boundaries apply, and how problems are handled. It covers official channels run by the charity and, where relevant, what is expected of staff, volunteers and trustees who post in a personal capacity.
The policy matters because anything published online can affect public trust in your charity. Trustees are responsible for their charity's governance and for compliance with charity law, and a clear social media policy is part of how they manage reputational risk.
The headline point is oversight. Social media is fast and public, so trustees need to know who holds the account passwords, who signs off sensitive content, and how the charity responds when something goes wrong.
Social media also touches charity rules on campaigning and political activity, on safeguarding and on data protection. A good policy joins these together rather than treating online activity as a separate world.
This is a sector good practice expectation rather than a single named Charity Commission guidance document, so it draws on wider duties around risk, reputation and campaigning. For the underlying rules, see the Charity Commission guidance collection.
Why trustees should own this
Day to day posting is usually delegated to staff or volunteers, but the trustees remain accountable for the charity's conduct and reputation. They should approve the policy, understand the main risks, and make sure someone is clearly responsible for the accounts.
Reputational damage is one of the harms that can amount to a serious incident. If a social media post or response causes, or risks causing, significant damage to the charity's reputation, trustees may need to consider reporting it to the Commission and explaining how they are handling it.
What a charity social media policy should cover
1. Scope, accounts and ownership
List the official accounts the charity runs and name the platforms in use. State who owns the accounts on behalf of the charity, who holds login details, and that access is removed when someone leaves a role.
Make clear the difference between official charity channels and personal accounts. Many problems arise when a personal post is read as the charity's position, so the policy should set expectations for both.
2. Roles, sign-off and oversight
Set out who can post routine content and who must approve sensitive or high profile content before it goes live. Trustees should agree where the line sits and who escalates a difficult issue to them.
Good practice is to record key decisions and to keep a simple log of who manages the accounts. This supports the trustees' oversight without slowing down ordinary posting.
3. Tone, conduct and acceptable use
Describe the tone you expect, the topics to avoid, and behaviour that is not acceptable, such as abuse, discrimination or sharing confidential information. Link this to the charity's wider conduct and behaviour expectations for staff and volunteers.
Set out how the charity handles comments and messages from the public, including when to respond, when to hide or remove content, and when to block an account. Consistency here protects both the charity and the people it works with.
4. Campaigning and political activity
Social media is a common channel for charity campaigning, and the same rules apply online as offline. A charity may campaign to further its charitable purposes, but it must never support a political party and cannot make political donations.
The policy should remind those posting that campaigning content must stay within the charity's purposes and the Commission's rules. See campaigning and political activity (CC9) for the detail, and connect this to your charity campaigning and political activity policy.
5. Safeguarding, data and risk
Online channels can create safeguarding risks, for example through contact with beneficiaries or sharing images. Trustees have a duty to take reasonable steps to protect from harm everyone who comes into contact with the charity, so the policy should cross refer to your safeguarding arrangements.
Any charity that processes personal data must comply with UK GDPR and the Data Protection Act 2018, regulated by the Information Commissioner's Office. The policy should note how images, names and personal information are handled before they are posted.
6. Incidents and reporting
Set out what to do when a post causes harm, attracts a serious complaint, or risks significant reputational damage. A serious incident is an adverse event, whether actual or alleged, that results in or risks significant harm to people, significant loss of money or assets, or significant damage to the charity's property or reputation.
Trustees should report serious incidents to the Commission promptly and explain how they are handling them, and safeguarding incidents should also be reported to the police, obtaining a crime reference number. See how to report a serious incident.
Quick reference
| Area | What to set out |
|---|---|
| Accounts | Official channels, who owns them, who holds access |
| Sign-off | Routine posting versus content needing approval |
| Conduct | Tone, acceptable use, handling comments and abuse |
| Campaigning | Within purposes, no party support, no political donations |
| Safeguarding and data | Protecting people online, complying with UK GDPR |
| Incidents | When to escalate, report a serious incident, contact police |
What trustees must do
- Approve a written social media policy and review it periodically.
- Assign clear responsibility for the charity's accounts and access.
- Agree what content needs sign-off before it is published.
- Apply the campaigning rules to online activity as well as offline.
- Connect the policy to safeguarding, data protection and conduct expectations.
- Report a serious incident promptly where a post causes or risks significant harm or reputational damage.
Common mistakes
- Leaving account access with one person and losing control when they leave.
- Treating personal posts as nothing to do with the charity until a problem arises.
- Posting campaigning content that drifts beyond the charity's purposes.
- Sharing images or personal data without thinking about UK GDPR or safeguarding.
- Having no agreed route for escalating a damaging post to trustees.
- Failing to consider whether a serious online incident should be reported to the Commission.
How Policy Pros can help
We write bespoke charity policies that fit how your charity actually works, including social media, campaigning and the wider governance documents the Commission expects. Our charity policies and procedures service covers drafting, review and updates so your trustees can show clear oversight.
A social media policy works best alongside its sibling documents. We can also help with your charity external speakers policy, your charity safeguarding policy, and your charity risk management policy, all mapped back to the charity policies and annual return guide. For wider context, the sector Charity Governance Code sets out good practice on trustee oversight.
Frequently Asked Questions
Does a charity legally need a social media policy?
There is no single law that names a social media policy, but trustees are responsible for managing reputational risk and the conduct of their charity. Holding a clear policy is sector good practice and helps trustees show oversight of online activity. Many charities treat it as a standard governance document alongside safeguarding and risk policies.
Can a charity campaign on social media?
Yes. A charity may campaign to further its charitable purposes, including through social media, and the same rules apply online as offline. The charity must never support a political party and cannot make political donations. The Charity Commission's CC9 guidance on campaigning and political activity sets out the detail.
Who should be responsible for a charity's social media accounts?
Day to day posting is usually delegated to staff or volunteers, but trustees remain accountable for the charity's conduct and reputation. The policy should name who owns the accounts, who holds access, and who signs off sensitive content. Trustees should approve the policy and know how issues are escalated to them.
When is a social media problem a serious incident?
A serious incident is an adverse event, actual or alleged, that risks significant harm to people, significant loss of money or assets, or significant damage to the charity's reputation or property. A damaging post or online safeguarding issue can meet this threshold. Trustees should report serious incidents to the Commission promptly and report safeguarding incidents to the police, obtaining a crime reference number.
How does data protection apply to charity social media?
Any charity that processes personal data must comply with UK GDPR and the Data Protection Act 2018, regulated by the Information Commissioner's Office. This applies when you post images, names or personal information about beneficiaries, staff or volunteers. Your social media policy should set out how such information is handled before it is published.
