Well, the short answer is that often your trustees are legally responsible, but this is commonly delegated to others including a DPO, CEO or governance committee.
As data protection guidance is changing, and the Fundraising Regulator has updated its data privacy advice, it is important that you have someone responsible for ensuring your compliance with these and other regulations.
If you are not sure who they are, why not book a free 25-minute call using the link below, and we can chat through some possible cost-effective models?