More than half of charities have seen the number of supporters they can contact by email fall as a result of the General Data Protection Regulation, a survey has revealed.
The survey of 176 charity workers by the research consultancy nfpSynergy, in conjunction with Third Sector, found that 53 per cent had seen their email database shrink to some extent as a result of complying with the GDPR, stringent data protection rules that came into force in May.
The number of people who were contactable by email more than halved for 18 per cent of respondents, although 31 per cent said their email database had stayed the same size.
Postal databases have also been affected, with 37 per cent of respondents saying theirs had shrunk to some extent, and 38 per cent saying it had remained the same.
Meanwhile, 20 per cent of respondents said their phone database had shrunk and 21 per cent said it had stayed the same. Most people (59 per cent) said they did not know or the question did not apply to them.
Joe Saxton, the founder of nfpSynergy, said: "Given that people might have spent years building up these databases of supporters, this could mean a large set of income-generating and relationship-building opportunities that are no longer possible.
"Some organisations will have seen their opportunities to raise money severely diminished."
He said that some organisations might have believed that they needed to rely on opt-in consent to contact supporters and were unaware that they could use the concept of legitimate interest, which becomes invalid once someone has been asked for consent.
"They might have a whole chunk of supporters who are still interested in them but they do not have the mechanisms to talk to them," Saxton said. "And of course if they’re very small organisations that’s a serious long-term financial implication."
Half of respondents said they were using legitimate interest to contact donors, and 62 per cent said they were using consent, the survey found.
When asked about the challenges they had found in preparing for the GDPR, many pointed to the time and effort it had required, one saying it had been "enormous", another saying it had "seriously limited" the charity’s ability to carry out its mission and another describing it as "a total and utter waste of time and money" that would horrify donors.
Almost nine out of ten respondents (89 per cent) agreed that preparing for and implementing processes to comply with the legislation took up a lot of staff time, and almost three-quarters (74 per cent) said it had taken a lot of money or resources.
Saxton said he thought it was likely that small charities would have found becoming compliant especially difficult.
One respondent said worrying about the GDPR had "hamstrung" the organisation and it had been given "often vague and contradictory" advice.
"Small charities are really suffering in the wake of the introduction of GDPR," the respondent said.
The majority of respondents (70 per cent) agreed it had really helped their organisation get its data protection processes in order, and 53 per cent said it would help to improve trust in the charity sector.
But less than half (49 per cent) felt the GDPR had been beneficial overall and only 15 per cent agreed that it had improved their relationship with their supporters – 28 per cent disagreed.
Saxton said: "There are some very frustrated people over GDPR and a huge amount of time and energy has been spent on becoming compliant."
He acknowledged that there was no difference in the law for charities and other organisations, but said charities had been particularly affected because they were less likely to be able to rely on having a contract or a legal obligation to contact people than businesses.
Despite the money and time put into preparing for the implementation of the legislation, only 61 per cent of respondents felt that staff at their organisation had a good understanding of the GDPR and 17 per cent strongly disagreed with the idea that their colleagues had a good grasp of it, the survey found.
When asked to rate their organisation’s GDPR compliance out of 10, the average rating was 7.5, which Saxton said was "moderately encouraging".
But he added: "I worry about where we’ll be a year from now. I think quite a lot of organisations won’t be compliant or will get shoddy if they think they can stop worrying."