Microsoft Forms: a secure, integrated solution for data collection

Data collection is essential for all businesses, including not-for-profit organisations, from gathering feedback and managing volunteers to tracking impact and reporting to funders. With Microsoft Forms, charities and social enterprises can do all this efficiently, securely and in full compliance with UK data protection laws.

Included in your Microsoft 365 Business Premium licence, Microsoft Forms offers a simple way to create surveys, quizzes and polls. But beyond ease of use, it’s the platform’s security, compliance and integration features that make it ideal for the third sector.

Quick start guide to creating and sharing a form

  1. Access forms: go to forms.office.com and sign in with your Microsoft 365 credentials
  2. Create a form or quiz: click “new form” or “new quiz”
  3. Add questions: use multiple choice, text, rating, date or Likert scale
  4. Customise: add branding, set response limits and enable branching logic
  5. Share securely: share via link, QR code, email or embed on your website
  6. Restrict access to internal users or allow external responses
  7. Analyse responses: view real-time charts
  8. Export to Excel or integrate with Power BI for deeper insights

Security and compliance with Microsoft Cloud Trust

Microsoft Forms is built on the Microsoft Cloud Trust framework, offering:

  • Encryption at rest and in transit
  • GDPR compliance
  • Data residency controls
  • Integration with Azure Active Directory for access management

This means your data is protected by enterprise-grade security and your organisation can meet legal obligations under the UK GDPR and Data Protection Act 2018.

Legal requirements for UK not-for-profit organisations collecting data

In this demo example, we take a look at how not-for-profits can use Microsoft Forms to ethically collect data. Charities and non-profits are not exempt from data protection laws. In fact, they often handle sensitive personal data, such as health, ethnicity, religion or safeguarding information, which requires extra care and legal compliance.

Key legal obligations

  • Lawful basis for processing: not-for-profits must identify a valid legal basis (eg. consent, legitimate interest, contractual necessity) under Article 6 of the UK GDPR
  • Explicit consent for special category data: if collecting sensitive data, you must obtain explicit, informed and freely given consent
  • Transparency: your privacy policy must clearly explain:
    • What data is collected
    • Why it’s collected
    • How it’s stored and used
    • Who it’s shared with
  • Data minimisation and retention: only collect what’s necessary and retain it only as long as needed
  • Security measures: implement technical and organisational protection measures
  • Breach reporting: you must report data breaches to the ICO within 72 hours if they pose a risk to individuals

Using Microsoft Forms compliantly

Here is a selection of ways you can use Microsoft Forms in line with compliance regulations:

  • Mention Forms in your Privacy Policy by clearly stating its use and data handling practices
  • Get in touch with the CSG team to ensure that you have set up Microsoft Forms correctly with regard to compliance regulations
  • Configure access controls: using Azure AD, you can restrict who can view or submit forms
  • Avoid collecting unnecessary sensitive data, such as health, ethnicity or other special category data

Best practices for not-for-profits using Microsoft Forms

  • Use conditional logic: edit questions based on previous answers to improve relevance
  • Automate workflows: use Power Automate to trigger actions (eg. send confirmation emails, log responses in SharePoint)
  • Integrate with Excel Online: create live dashboards for donor feedback or volunteer engagement
  • Regularly audit forms: review form content, access permissions and data retention policies

Why Microsoft Forms is ideal for the third sector

  • Cost-effective: included in Microsoft 365 Business Premium – no extra licensing needed
  • Secure: built on Microsoft’s enterprise-grade cloud infrastructure
  • Compliant: meets GDPR and UK data protection standards
  • Integrated: works with Teams, SharePoint, Excel and Power BI without any issues
  • Accessible: mobile-friendly and easy to use for all stakeholders

For not-for-profit organisations, Microsoft Forms offers a secure, compliant and user-friendly way to collect and manage data. When used correctly, it supports transparency, builds trust and helps meet legal obligations, all while empowering your team to make data-driven decisions.
