How will the GDPR affect the way charities manage online giving?
01 February 18
The EU General Data Protection Regulation (GDPR) is due to come into force in the UK on 25th May this year. It will have a wide-ranging impact on organisations collecting and/or handling the data of others, including those in the charity sector. For charities that are currently using digital as a way to grow supporters and online giving as a way to raise funds there are some changes that may need to be made.
The GDPR is a new regime
The GDPR is the biggest sea change in data management for decades and the driving motivation behind it is to get those who are handling data to start approaching it differently. So, the GDPR requires more focus on data security and on ensuring that you know how data has been obtained. This requires a whole-organisation approach with everyone who works or volunteers for you trained to understand the importance of data protection and security. The first step is to audit how you currently handle data, who collects and manages it and what processes you have in place for disposing of it.
Consent is now a key issue
Opt-in is the best option
According to the GDPR “silence, pre-ticked boxes or inactivity should not constitute consent.” This new requirement for proactive consent means that it may well be safer for charities collecting data via online giving methods to select an opt-in method for supporters. In practice, this means that supporters are only contacted when they have actively opted-in to receive communications, rather than simply being given the opportunity to opt-out. The additional benefit to refining your communications lists to those who have recently opted to hear from you is that you’ll have higher open rates and levels of engagement, as well as a supporter base actively looking to engage through online means.
Data user requests
Data users can request access to their data held by charities via Subject Access Requests. This enables the user to see what data is held about them. It’s important for any organisation to be able to respond quickly to requests like this, which means processes need to be defined in advance. Data users also have a new “right to be forgotten,” which effectively means that your organisation needs to be ready to delete all data about someone, swiftly and completely, if you’re asked to do so.
The GDPR is not the intimidating change that it seems to be but a way to better manage data and ensure that breaches are swiftly handled and few in number. A platform like give.net can help you to manage the online fundraising data you collect in a more organised way and to help remain GDPR compliant.