GDPR for Charities & NonProfits | Is Your Charity GDPR Ready?


Hi, welcome to another episode from our GDPR thought leadership series. Here we'll be discussing whether your charity is ready for GDPR. The General Data Protection Regulation, or GDPR, came into force on May 25th, 2018, and applies to charitable organizations that process personal data, regardless of their size. The core premise behind the GDPR, besides harmonizing data collection practices, is the balancing of individual and business rights through transparency and accountability.

If your charity is located in the European Union, or EU, the GDPR certainly applies to you. For nonprofits located outside the EU, the GDPR is applicable if you offer goods and/or provide services to EU-based individuals or monitor the behavior of EU-based individuals. Therefore, a US charity which, as part of its activities, helps Somalian refugees based in Germany would need to comply with the GDPR, as it provides services to individuals based in the EU. Interestingly, the GDPR has no special provisions for charities, and they will be held to the same data protection standards as regular businesses.

Compliance with the GDPR can be costly, requiring charities to analyze the way they work, the data they use, and how it's handled and secured. Under the GDPR, the definition of personal data is broad; all charitable organisations will be deemed to be processing personal data. Fundraisers need to ensure they're meeting the legal requirements while still giving their donors a great experience of supporting charities. The most commonly stored or processed personal data by charities is the data concerning their donors, volunteers, or any individual who interacts with the charity: employees, consultants, external service providers, etc.

As a sector that relies heavily on direct mail and fundraising initiatives to continue to provide vital services, charities must be prepared to implement this new legislation at every level of their organization, especially in their marketing: from documenting how personal data is held and processed, to developing procedures for dealing with individuals' requests to see the data held on them, assessing the privacy impact of a new product or service, and security breaches that involve loss of data.

Pre-ticked and opt-out boxes are no longer sufficient for proving consent. Donors must actively opt in to receive communication, including follow-up email marketing and direct phone calls. Whether written, electronic or oral statements, tick boxes and any other statement must clearly indicate acceptance. Requests for opt-in consent must be clear and unambiguous, using easily accessible plain language catered to the person being communicated with. It is not acceptable to withhold goods or services from individuals who do not give consent for something completely unrelated (example: free t-shirt for subscribing to email updates).

Claiming legitimate interest as the legal basis for collecting data enables you to collect data; however, adequate reasons must be provided whilst balancing your rights as a charity to collect data and the rights of the donor. Greater clarity must be given within privacy policies about exactly what the data will be used for and how long it will be held. Simply saying it's for fundraising is no longer sufficient. All data collection forms, including telephone scripts, must be kept as proof consent was granted. Individuals have the right to revoke data consent at any time, and they must be made aware of this right. The process of unsubscribing must be just as easy as subscribing.

Charities have a duty of care for both their vulnerable client base and their donors. The GDPR requires charities to invest in security as a minimum considered to be good enough to meet their duty of care to their donors and clients. Adequate security measures must be in place to protect the personal data they store and process. However, often charities lack the expertise to understand the risks they face. They may wrongly believe they are avoiding risks, or accept risks without understanding the implications.

Thanks for watching the GDPR for charities video. Subscribe to our channel for more on how to tackle the EU GDPR, and feel free to watch more videos from our GDPR our IQ series here. Don't forget to check out our website or follow our social channels. Thanks again, and look forward to seeing you.

  • 🔥 GDPR Advice FOR CHARITIES: https://www.fileom.eu/gdpr-advice-centre/charities/
    SUBSCRIBE to the Channel: ⭐ https://www.youtube.com/channel/UCFykzIY6N1TUwxffoLE0Cfw?sub_confirmation=1
