THIRD SECTOR PROMOTION

How to prepare for GDPR

Third Sector Promotion Markel

Up to speed with the forthcoming General Data Protection Regulation? Now is the perfect time to check

Data protection legislation is about to experience its biggest overhaul in 25 years, introducing a set of rules for how organisations process personal data. It is important that fundraisers meet the new legal requirements and keep their donors onside. Here are some steps charities should be taking now:

GDPR applies across the board

It is easy to think of data protection purely as a fundraising issue, but it is important not to do this. The new regulations will apply across the board for campaigning, marketing, managing volunteers and recording information about service users. Develop a strategy and implement it across your whole organisation. Charities must train volunteers in data protection, the same way as they would employees. It is also worth carrying out an audit of the personal data you hold, including where it came from and who you share it with.

Asking for consent

Under GDPR, charities must explain clearly why they are collecting personal data and what they are going to do with it. Simply including a privacy policy on your website is not enough. If you intend to make any data available to third-party providers you need to get explicit consent, and for this to be valid, it will need to be "freely given, specific, informed and an unambiguous indication of the data subject’s agreement".

A potential bigger headache is asking for consent for data you already hold. In this case, your existing consent may not be sufficient and you may need to have this refreshed, in keeping with the new regulations.

Opt in/opt out

Organisations don’t necessarily need consent for all forms of direct marketing – in most cases, charities can contact supporters by post and make live phone calls as long as they can prove they have a "legitimate interest" in doing so.

Demonstrating your "legitimate interest" is the tricky part; it must not offset the rights of the individual. Ultimately, GDPR states that an individual’s choice to say "no" is paramount.

The regulations also say that "silence, pre-ticked boxes or inactivity should not constitute consent". Pre-ticked boxes should be removed from websites and apps.

For all other forms of marketing, e.g email, text message or automated phone calls, charities will need consent.

Third parties

Under the new regulations, the responsibility for privacy protection will not solely lie with the organisation or charity controlling the data. Charities will have to review their contracts with third-party processors to reflect the balance of responsibility and be prepared for data processors to do their own due diligence on where their data came from.

Be user-friendly

Another key change with GDPR is the right for users to access their own personal data at any time. Charities need to have procedures in place to handle these requests efficiently. The new guidelines also include a "right to be forgotten" where people can request their personal data to be removed. There are limited circumstances where this right does not apply and you can refuse such a request; for example, to exercise the right of freedom of expression or to defend a legal claim.

Although there is no set time limit, it is important charities do not keep data for longer than is necessary. Having clear sections in your privacy policy such as "Remove all information about me" will make the process easy for people to use.

Look out for data breaches

Under the new rules, the Information Commissioner’s Office has the right to impose increased fines and penalties. Rianda Markram, head of content at LHS Solicitors, says: "The importance of getting it right cannot be stressed enough – the maximum monetary penalty that the ICO can currently issue is £500,000 but under GDPR this will increase with fines of up 4% of gross global turnover or £17 million."

The ICO will have to be informed of any breach that is likely to result in a risk to the rights and freedoms of individuals within 72 hours of the organisation becoming aware of it. Charities should make sure they have the right procedures in place to detect and report any incidents. Third-party contracts will also have to ensure information is passed along efficiently.

It is worth reviewing information from the ICO regularly to be aware of any changes in this area.

*The European Union General Data Protection Regulation will be implemented on 25 May 2018

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in

Expert Articles: Risk Management

Advice on risk from Markel, a specialist insurance company working with charities, community groups, trustees, social enterprises and care providers.

What is it like to work in the fundraising team at Age UK?

What is it like to work in the fundraising team at Age UK?

Promotion from Age UK

Ahead of Fundraising Week 2019, Laurie Boult, fundraising director, Age UK, tells Third Sector Jobs about the team culture and why it's a great time to join.

All charities have customers

All charities have customers

Promotion from Sponsored by Creative Computing Solutions

By Justin Farmiloe, Sales & Operations Director, Creative Computing Solutions and owner of Just-DONATE.

Managing cyber risk in the third sector

Managing cyber risk in the third sector

Promotion from Third Sector promotion

Cyber risks should be high on the risk management agenda of third sector organisations as incidents hit the headlines and burden small organisations with increasing frequency.

New opportunity to be Deutsche Bank's UK Charity of the Year - for two years

New opportunity to be Deutsche Bank's UK Charity of the Year - for two years

Promotion from Deutsche Bank

From May 18 until June 28, 2019, charities can apply to be Deutsche Bank UK's Charity of the Year for 2020-21.

How to create a strong risk register

How to create a strong risk register

Promotion from Markel

Do your stakeholders realise that regularly tracking risks could help secure finances, get them out of the crisis zone and meet future objectives with greater certainty?

Win an Apple Watch Series 3: Have your say in Haymarket's Annual Jobs Survey

Win an Apple Watch Series 3: Have your say in Haymarket's Annual Jobs Survey

Promotion from Haymarket Media Group

Third sector professionals invited to voice your opinions in the 2019 Jobs Survey from Haymarket Media Group and be in with the chance to win an Apple Watch Series 3 worth £279.

What is it like to work at Co-op?

What is it like to work at Co-op?

Promotion from Co-op

Rebecca Birkbeck, director of community and shared value, tells us about what it's like to work at Co-op and the member pioneer co-ordinator role she's recruiting for.

Charity property: could you be entitled to a huge VAT saving?

Charity property: could you be entitled to a huge VAT saving?

Promotion from Third Sector promotion

When a property is being constructed, VAT is charged at the standard rate. But if you're a charity, health body, educational institution, housing association or finance house, the work may well fall into a category that justifies zero-rating - and you could make a massive saving

How to get the most from your role

How to get the most from your role

Promotion from NFP Consulting

Paul Nott, principal consultant at NFP Consulting, offers advice to help you be the best charity professional you can be.

What is it like to work at Canine Partners?

What is it like to work at Canine Partners?

Promotion from Canine Partners

Megan Knight, HR co-ordinator at Canine Partners, tells us about the team culture and exciting director of marketing and income generation career opportunity currently available.

Follow us on:

Latest Jobs

RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners

Markel

Expert Hub

Insurance advice from Markel

Charity property: could you be entitled to a huge VAT saving?

Charity property: could you be entitled to a huge VAT saving?

Promotion from Third Sector promotion

When a property is being constructed, VAT is charged at the standard rate. But if you're a charity, health body, educational institution, housing association or finance house, the work may well fall into a category that justifies zero-rating - and you could make a massive saving

Third Sector Logo

Get our bulletins. Read more articles. Join a growing community of Third Sector professionals

Register now