The Institute of Fundraising has issued an update of its guide to the General Data Protection Regulation as we approach the first anniversary of the shake-up in how we use and store data. Cast your mind back 12 months. I suspect that there was much head-shaking and complaining about the GDPR: how it was going to make everything harder and absorb much time that could have been better spent on what charities are meant to be about.
Mention of the GDPR at trustee meetings was greeted with sympathetic looks from the board, encouragement to staff members who were attending to endlessly complicated audits, and a certain nervousness as a result of newspaper headlines about the size of the fines the Information Commissioner could impose on those, including charities, that did not match up to the new regulations.
I remember it well because I was one of those rolling my eyes. A year on, I am a convert to the GDPR. Yes, it was hard work to get up to speed and, yes, it can still be almost impossible to work out what exactly we should be doing with certain sorts of data. But there is one extraordinary bonus.
For several years, as part of a prison reform charity that supports young serving and ex-prisoners who want to continue their rehabilitation by going to university, I had been campaigning with a group of like-minded charities to get the university admissions service, UCAS, to change the forms that every would-be student must fill in when applying to study for a degree. Why? Because very early on the UCAS form required disclosure of criminal convictions, with no explanation of what would be done with the information.
We knew, or had deduced from those we worked with, what was being done with it. Universities were using it to reject ex-prisoners. To quote just one example, Sally – not her real name – applied to five universities to read criminology and declared her conviction on the UCAS form. She had more than adequate grades, yet within days of submitting the form all five had rejected her, with no explanations.
Most ex-prisoners would give up at that stage. It was one more proof that, though they had served their time, society was intent on continuing to punish them. Faced with the question on the initial UCAS form, many did not bother applying at all, assuming its presence to be a signal that they were not wanted. But Sally was made of sterner stuff and, by sheer perseverance, got her
local university to give her a chance. Last summer she graduated with a first.
Our lobbying of UCAS, though, was making little headway until out of the blue last summer it announced a change of heart and dropped the question from the forms. Under the GDPR, it turned out, such questions could not be asked of everyone applying to university because only half of 1 per cent of them were likely to say yes. It was a disproportionate demand for personal data. This academic year is the first without that intrusive question and all the behind-the-scenes prejudice it allowed. And it is all down to the GDPR.
If you doubt that this particular change will bring a social benefit, take a look at an article Barack Obama wrote in the Harvard Law Review as he left the presidency. While in the White House, he had banned the box about criminal convictions on application forms for US colleges. The result, he said, was a leap in the number of inner-city youngsters from non-college backgrounds applying for higher education and all the benefits for their lives that came with that.
It has taken the GDPR to achieve the same change here, not an enlightened
politician, but the effect will be the same. Hurrah for the GDPR.
Peter Stanford is a writer and broadcaster, and was a charity chair for more than 20 years