There’s been a fair amount of confusion in the sector about the new EU data rules which are coming into force in 2018.
I guess there are quite a lot of reasons for it, not least because of lot of different institutions with varying degrees of power and influence have been issuing guidance, creating new rules and revising procedures.
In my current role, I manage my charity's supporter database. It has been really difficult to find information. For a start, you have to navigate all these different and competing bodies and regulations. There's the Institute of Fundraising, the Information Commissioner’s Office, the EU, the government, Fundraising Standards Board, the new Fundraising Regulator, the Direct Marketing Association, the National Council for Voluntary Organisations all saying similar and slightly different things. And then there are various consultants and experts.
I understand that the IoF have been involved in talking to all these different organisations and it has spoken at various forums over the last nine months, but there hasn't been a great deal of information made more widely available on the web, for example. Holding a breakfast briefing in Westminster at 9.30am is great for those that work in London for the kind of charity that has deep pockets and has bought into this issue at a high level, but for the rest of the country it's difficult. Those of us outside the capital have extra travel time and costs to pay for and even then it's a question of which of these many events are just going to repeat to me what I've already gleaned from elsewhere, and which are actually going to tell me something new.
Most of the information that's currently available at the moment seems quite high level. It is great for boards of trustees, chief executives and directors of fundraising, but actually those people generally have no idea about how this affects things on a day-to-day, practical level. What proportion of chief executives will have even turned on their customer relationship management software let along understood how they need to record a donor preference, or what changing a solicit code will do? And yet the majority of the workforce in the charity sector, work at this bottomish level. They have someone on the phone who's angry because we mailed them and they didn’t want us to. Or someone who is asking why we didn't mail them their lottery tickets. Or they're trying to design a raffle ticket to collect someone's information and can't do it if the wording next to the text box has to be in at least a 10pt font.
So the real questions for me are how do I take all these different ideas and rules floating around and make a system that captures all the information we need without it being onerous to work with? How do we word and lay things out our permissions statements in such a way that they make sense, don't discourage people from signing up, won't cause us problems in another area of activity and are still legally compliant?
Decisions like these will cost charities tens of thousands, if not more and there's almost no guidance: charity database managers are not as well connected as others in the sector (should I be a member of the IoF or not? There's not much at its national convention that seems tailored to people like me, but where else do I go?) And those of us who are members of a professional body have not found them particularly forthcoming with information. The final wording of the EU’s General Data Protection Regulation was agreed in December.
Interestingly one of the things I did "attend" was a webinar run not by a not-for-profit organisation, but by the fundraising software firm Blackbaud. Its session was the first time that I'd heard anyone say that the EU GDPR might not require a full opt-in in every case. I'm told the number of people who were in on that call was 3,000. That in itself shows you the high-felt-need for some proper information and practical advice at a grassroots level.