GDPR (almost) one year on - How does compliance look to you?By Kirsten Hill | News Fundraising Mailing Marketing | 18 February 2019
It has now been almost a year since GDPR became enforceable by law, so we thought this would be a good opportunity to consider how it has impacted your organisation.
As we all remember, GDPR came in to effect on 25th May 2018 to change the way organisations hold data and how they contact their supporters/customers. It is there to protect people’s personal data and to make sure that organisations only store and use data where they have permission to do so, or where another legal basis for processing can be applied. There are 6 legal bases on which processing can be applied and these are as follows:
- Legal obligation
- Vital interests
- Public task
- Legitimate interest
How has GDPR impacted the databases of organisations?
According to a recent survey which was taken by 176 charity workers and conducted by nfpSynergy in conjunction with Third Sector:
- More than half of charities surveyed have seen that the number of supporters they contact by email has decreased due to GDPR
- 37% of the respondents also said that their postal database had decreased to some extent
- 20% of respondents claimed that their phone database had also decreased as a result of compliance regulations.
After reviewing the research, founder of nfpSynergy, Joe Saxton stated “Given that people have spent years building up these databases of supporters, this could mean a large set of income-generating and relationship-building opportunities are no longer possible. Some organisations have seen their opportunities to raise money severely diminished”.
Our own data, process and compliance manager has noticed that an increased caution and awareness of litigious action, has undoubtedly led to a reduction in some mailing quantities of our clients.
We are aware of instances in which organisations have unfortunately discovered that since the introduction of GDPR enforcement they have significantly reduced their databases of contactable supporters due to taking an extremely cautious approach to GDPR.
Even if you think they may have changed their mind, or not seen your original communication, it’s not possible to go back to previous supporters who you’d asked to provide consent for communications but didn’t hear back from. Whilst these previous supporters must unfortunately be forgotten about, focus can now be fixed on acquiring and retaining new supporters.
As we reach the one year anniversary of GDPR it’s also been noted that organisations are considering different approaches to address the loss of supporters. Examples include:
- Producing impact reports that highlight the shortfalls caused and then circulating these as a way to both raise awareness and encourage contact (from new and old supporters)
- Including articles in charity newsletters in the hope that they are seen by readers and their family/friends and other members of the community etc depending upon the circulation of the newsletter or magazine.
What actions are you taking to acquire new supporters in light of GDPR?
Of course, it should be remembered that organisations can also use legitimate interest in certain circumstances when it comes to contacting their supporters. Organisations may be able to rely on legitimate interests for data processing of:
- Postal marketing
- Emails to existing customers/supporters using the soft opt-in option (B2B only under PECR)
- Telephone marketing to individuals who have not previously objected to you, or numbers which are not listed on the Telephone Preference Service (TPS)
If your organisation uses legitimate interest as the basis for processing data, you must undertake balancing tests such as a Legitimate Interest Impact Assessment (LIA). Click here to find out more about the Assessment.
GDPR – what has the overall impact been for charities so far?
Many charities have said that preparing for GDPR was a huge task that took many hours to ensure that they were compliant. They have also stated that it has limited the charity’s capacity to carry out their mission by affecting their ability to contact their current supporters and gain new ones.
However, despite a few negative comments within the charity sector, 70% of charities surveyed (within the post GDPR survey conducted by nfpSynergy and Third Sector) have said that GDPR has helped their organisation get its data protection process in order, and half of the respondents said that they felt that GDPR would help improve trust in the charity sector.
Did you know we can help your organisation?
At Yeomans our experts in data and compliance can help organisations like yours to ensure that they are in line with the law and are communicating to their supporters and holding data in the correct way.
We have many years of experience in the fundraising and marketing sector, (and have attended many training courses and webinars on GDPR) so are well placed to offer support and advice, provide a sounding board for your ideas and to perhaps even provide an independent voice of reason where it may help.
If you’re looking for additional advice on GDPR or would like to find out more about the impact it has had in the charity sector, we also hold GDPR masterclasses. Details of our upcoming masterclasses can be found here.