According to an article by Charity Digital News, one in four organisations are still unprepared for the EU General Data Protection Regulation (GDPR). GDPR is certainly something that charities need to prioritise as the results of non-compliance could be costly.
What is GDPR?
As of May 25th 2018, the way charities collect and maintain data is changing. The GDPR places stricter guidelines on charities when compared to the Data Protection Act. Charities must now provide an ‘opt-in’ for individuals, so they can control how charities communicate with them, including by telephone, direct mail and email.
Under GDPR, charities will also need to confirm that consent has been obtained before any data can be used, including any legacy data they are holding. If individuals choose to opt out of communications, data needs to be removed immediately.
Why do charities need to make sure they’re ready for GDPR?
There are serious consequences for any charity that is deemed non-compliant with GDPR regulations. Among other penalties, charities could have to pay out up to 20 million euros or 4% of their global annual turnover, whichever is greater.
Charities will also face the risk of losing their data, which is undoubtedly one of the most important assets for marketing and fundraising efforts. If data is not maintained and updated correctly, charities also risk their own reputations. At a time when relationships between individuals and the third sector have been fragile, charities cannot afford any more setbacks in rebuilding the public’s trust.
Success has already been seen with Opt-in
A handful of charities have already adopted the opt-in system, and despite initial reservations, some positive results have been seen. The RNLI became the first charity to adopt the system back in October, and predicted that 225,000 would opt in. To date the charity has more than 382,000 people who are engaged supporters, making marketing efforts more targeted and in turn successful. More charities are set to follow suit with the opt-in method; Cancer Research UK and British Red Cross have both agreed to implement the systems very shortly.
Help is at hand…
CAN Mezzanine customer Fundraising Regulator (FR) has confirmed it believes the safest method for collecting data is via an opt-in system. Amending how data is collected to be in line with GDPR regulations seems a daunting task for many, but help is at hand. The FR has therefore released its guidance on how to make sure you’re compliant. You can find an actions checklist and self-assessment toolkit to accompany the guidance leaflet here.