What GDPR Means For Charities
The General Data Protection Regulation (GDPR) has dominated the media in recent months meaning it has undoubtedly been playing on the minds of fundraisers and charities.
GDPR is a new EU law that came into effect on the 25th of May of this year to replace the former Data protection act which was over 25 years old at the time of its replacement. When you take into account how much technology has advanced in that time it’s a mystery why we needed a scandal with a social media website for this update. To put it into perspective, having more than 8 different colours on a computer screen at once was impossible in 1993, yet now we pocket-sized devices that give us everything we could ever possibly need, and more than we would ever want, at the swipe of a screen.
What does the new data protection regulation mean for charities?
Perhaps the biggest change charities face is what counts as valid consent to store and use a person’s data. “Valid consent” in the eyes of GDPR will be far more difficult to obtain. In the documentation, it states that consent must be a “clear, affirmative act showing a freely given, specific, informed and unambiguous indication of the data subject’s (donor in this case) agreement”. This means that the charity must outline exactly what the donor is signing up for, how they will be contacted and how their data will be used. Pre-GDPR consent is okay only if they adhere to the new GDPR standard which for roughly 95% of organisations was not the case.
Another challenge that may affect charities more than most is the transparency and data access requests from donors. Reason being, staff levels are at their lowest in charities who are largely made up of volunteers and enacting an organisation wide, time-efficient method to ensure that they comply with the new regulations. Charities will have a month to respond to a data access request from a donor, if this time frame is not adhered to they will face fines and penalties from legislators.
To ensure that things run smoothly it is incredibly important to ensure that all data is stored in, secure, easy to locate places so that charities can remain compliant with the new laws while not redirecting too much resources away from their main focus.