It cannot have escaped anyone’s notice that this year will see the introduction of the General Data Protection Regulation, or GDPR as it is frequently referred to. It seems to be the main topic of conversation among people leading and managing volunteers, with lots of questions being asked about its implications for holding data on volunteers.
The tone of these questions worries me. They follow a pattern: the volunteer manager has been told what they can’t do under GDPR rules and is figuring out how to limit the impact on their work. For example, they are told they can’t store data on former volunteers and wonder how they can possibly stay in touch with these people to ask them to consider volunteering again.
In other words, a specialist in the GDPR, someone who very probably knows nothing about volunteer management, has determined the future practice of volunteer management, and people seem to be accepting this and not questioning whether the advice is correct or sensible.
My American colleague Susan J Ellis makes it clear that the job of specialists (such as those looking at the GDPR) is to understand what we need to do and then help us find a way to do that legally and safely under the rules. It is not their job to tell us what we can and cannot do in ignorance of what actually needs doing.
A big part of the problem is that senior management teams and boards increasingly practise risk avoidance, not risk management. They listen to and act upon the advice of these specialists, who scaremonger by describing the worst possible scenarios. Yet they never consult or listen to their own volunteer engagement experts, who could outline how likely it is that the risks will actually occur (usually much less likely than the specialists think) and how to effectively mitigate those risks.
As an example, in one organisation I worked for I was told that legal advice meant we couldn’t have a grievance process for volunteers. The advice suggested that if a volunteer took us to an employment tribunal, the existence of a grievance process would mean the volunteer would be more likely to be ruled as an employee. Not only is this nonsense, but it also fails to acknowledge that if we had no grievance process volunteers would be more likely to take us to a tribunal. Furthermore, if we raised our game and treated volunteers better, rather than wasting time on ill-informed advice from people who know nothing about volunteer management, we’d carry less risk of being accused of bad practice in the first place.
We can’t stop the GDPR and it is being introduced for good reasons. But as it’s implementation looms ever nearer, the voices of the scaremongers will get louder and more numerous. Leaders of volunteers must speak up, ensuring that volunteer engagement does not suffer unnecessarily. We must not roll over and we must not let the scaremongers win.
Rob Jackson is a volunteering consultant