Time To Get Your Charity Ready For GDPR!

A lot has changed in the online world in the last 20 years, as we have gone from experimental MIT researchers with dial-up connections to teenager vloggers with millions of fans on smart phones. There is a lot to be proud of in the ‘beyond-profit’ sector as charities have responded to this e-evolution and have taken advantage of technology to improve service delivery and transform communications and fundraising.

‍Meanwhile, legislation has struggled to keep up with rapid changes and protect the privacy of individuals’ personal information, with laws such as the Data Protection Act (DPA 1998) and the Privacy and Electronic Communications Regulations (PECR 2003) now widely considered to be outdated. To improve consumer privacy and protection, the EU has introduced new regulation – the General Data Protection Regulation (GDPR). Essentially, these new laws that succeed the DPA 1998 are designed to bring standardisation across the EU, and ultimately give back control and ownership of personal information to the individual it relates to.

‍In terms of compliance, this should be what all organisations should adhere to now, as it comes into enforcement on 25 May 2018. The GDPR applies to any “Data Processors” or “Data Controllers” within the EEA or those operating outside the EEA that process data on EEA residents.

‍Many of the core components in the GDPR are made up from the DPA 1998. However, there is now more emphasis now to “walk the walk” rather than just “talking the talk”. The GDPR codifies the concept of “accountability” to ensure that Data Privacy Impact Assessments (DPIA) are carried out where there is a risk to the rights and freedoms of the “Natural Person,” or individual. So, if you say you are compliant with the GDPR, you will now have to prove it!

‍Adam Bryan, Director of Partnerships and Innovation at the Institute of Fundraising (IoF) says,

It’s important that charities start preparing for GDPR now. You will need to continue to contact your supporters in a way that is fair and lawful and also right for your organisation. Work will need to be done to make sure you have the right consent statements and understand how the changes in the law may affect you. We know our members are committed to excellent fundraising and giving their donors a positive experience, which will continue after GDPR is implemented.” During June and July of this year, the IoF is running a series of seminars in cities across the UK to help charities to be GDPR ready.



‍Adam Bryan, Director of Partnerships and Innovation at the Institute of Fundraising

‍At Lightful, we have created a 12-part series on GDPR and how you can ensure that you are confident and compliant on 25 May, 2018.

We will be releasing each guide to our community site. Sign up here to make sure you don’t miss out on all of this:

1. Introduction – what is GDPR and how will it affect me?
2. Data Governance – who is responsible for your data?
3. Our reading list
4. Data Mapping – do you know where your data lives?
5. Your database + consent
6. Marketing + PECR – what you need to know
7. Using third parties, and the rights of the individual
8. Helpful training for your staff
9. Breaches – what to do if it happens
10. LIVE WEBINAR – Q & A with Lightful’s Data Protection Officer, Andrew Cross.
11. Lightful Helps – how we can help you
12. Data Protection quiz – what are your risk areas?

Andrew Cross