In Simple Words
The General Data Protection Regulation (GDPR) was designed to harmonise data privacy laws across the European Union (including the UK) and reshape the way organisations across the region approach data privacy. The aim of the GDPR is to protect and empower all EU citizens from privacy and data breaches in an increasingly data-driven world.
When do we all need to be in compliance
The GDPR will apply in the UK from 25 May 2018. It applies to ALL organisations, regardless if they are companies or charities.
The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
What types of privacy data does the GDPR protect?
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
For a more complete description of GDPR requirements, see here.
How GDPR affects YOU as a charity organisation
In order for consent from your supporters to be considered valid, your organization must adhere to the following 4 conditions:
- Data must be freely given: The individual must consent without force, and they don’t have to give unnecessary details in order to donate or participate in an event
- Data submission must be informed: Communication must be very clear with regard to what is being asked of them, and how they opt in or out
- Data consent must be specific: An individual’s consent for one specific occasion can’t be applied to future instances, and can’t be changed later without further approval
- Data consent must depend upon a positive action to indicate: An individual must tick a box, click “yes,” or complete a form to indicate consent. Absence of action isn’t allowed.
To avoid fines, you as a not-for-profit organisation will need to start thinking about how you’ll ensure that supporters and donors aren’t contacted once they’ve withdrawn consent.
GDPR will give you the opportunity to re-organise your database and implement new processes to ensure that your donors’ data is stored appropriately.
DonorPerfect is here to help!
As a cloud-based, award-winning solution, with an experienced team in the UK and worldwide success, DonorPerfect is the logical choice for fundraisers. We are committed to helping you get on the right track with the new GDPR regulations and will assist you in every step of the way.
Prior to May 25th, we recommend that you contact your supporters to get their consent, either by phone, email or letter. Visit this page again in November to find templates that you can use and a calendar to keep track of actions taken.
How WE are responding
As always, we care about the success of our customers and endeavour to make sure that DonorPerfect adjusts to government regulations as they occur from time to time.
DonorPerfect’s commitment is to do everything in our power to make our DonorPerfect Online system compliant to GDPR, so that YOU are compliant as well.
The update to our system has been prototyped and is already available. It will be deployed to all EU and UK clients before the end of the year, with a target date of December 1, 2017.
This way, it will allow you plenty of time to contact your supporters to capture their consent.
More information will be shared via email and added to this webpage shortly. You can expect to see our implementation strategy, as well as screenshots of the screen updates, how it is going to work, and when we will release the new update on an ongoing basis.