Not-for-Profit Blog

The Data Protection Act is changing. Are you prepared?

The GDPR is coming into effect in May 2018, you may think this is too far away to be thinking about currently but now is the time to review your compliance and start preparing in order to ensure your organisation remains compliant. 

On Tuesday 6 December, we held a free data protection seminar at the RSA in London for charities, membership organisations and educational establishments with data protection experts Protecture. With the Fundraising Preference Service due to launch next year and data protection rules changing under General Data Protection Regulation (GDPR) in May 2018, it’s vital that charities understand the upcoming changes to data protection regulations and ensure that they are compliant in time for the changes.

Mishandling data can have serious consequences and lead to fines or penalties. The Information Commissioner’s Office (ICO) has  imposed fines on the RSPCA and British Heart Foundation for breaking data protection laws following a Daily Mail article, which exposed malpractice. According to the ICO, the charities breached the Data Protection Act by failing to handle donors’ personal data consistent with the legislation.

How can you ensure that you are not in breach of data protection laws? Read what our expert, Gary Shipsey, MD of Protecture, had to say at our seminar:

Opt in vs opt out, purpose and transparency

Whilst it may seem that the tabloid press has targeted charities lately over their fundraising practices — particularly the amount of unsolicited correspondence charities send — the Data Protection Act applies to every sector so it’s essential to understand what it entails and particularly what ‘opt in’ and ‘opt out’ actually means.

Gary explained that opt in means that someone has freely given specific and informed consent to be contacted by your organisation whilst opt out means that they have exercised their right to opt out of direct marketing.

It’s important to remember that relationships change over time and that your supporters may engage with different parts of your organisation – for example, they may have first contacted you via your helpline but now they are an events volunteer – they may move on because their circumstances have changed or they may simply change their mind and decide they no longer want to hear from you. It’s important that your CRM system can reflect these changes so that you do not breach data protection regulation.

What can you do now to prepare for the changes?

Understand the current rules around data protection. If you are not familiar with the latest GDPR, make sure you understand it fully before the changes kick in. Whether the UK is still in Europe or not, the UK will have equivalent legislation. The ICO has a guide to data protection on their website.

Any data that you hold should serve a purpose and should be reviewed regularly. Not all supporters are interested in every aspect of your organisation but they may be interested in hearing about more than one area — for example, some supporters are interested in fundraising events as well as the latest research news. The team at the seminar described how personal preferences should be observed. Do you have a self-service preference centre where supporters can opt in or opt out of your various types of communication and indicate their interests? If you can, provide your contacts with the ability to set their preference and receive what is relevant to them rather than leaving supporters or members with a binary choice where they may unsubscribe from all communication.

Ensure your data protection statement is legible and clear in order to be transparent. When designing the data protection statement for your website or fundraising materials, don’t try to cram it into a tiny paragraph merely to tick a compliance box. Write it in plain English and ensure it is prominently displayed.

Educate and inform supporters of the upcoming changes so that they are not surprised. An informed audience can make informed choices. RNLI have chosen to be one of the first charities to adopt an ‘opt in’ approach and are communicating this change in a variety of ways – from articles in the media to Facebook adverts. As a result, their first opt-in appeal has trebled response rates and resulted in significantly higher take-up than expected.

Ensuring that your data has a purpose, is transparent and that you are compliant with data protection laws will lead to greater trust from your supporters as well as increased confidence in the sector.

Read our top tips on how to improve your data management in relation to data protection.