How to Ensure Your Charity is GDPR Compliant

On May 25th, the GDPR introduced new rules and regulations that changed the way charities can contact current and prospective donors. Many of the techniques charitable organisations have been using for almost 25 years no longer comply with the new GDPR regulations.

It's essential that fundraisers comply with these changes, as it’s now effectively law and could open them to lawsuits should they fail to follow the correct procedures when promoting their charity.

Charities Tripped Up by GDPR Lose Donors

Many charities were tripped up by the changes in GDPR because they believed they had to inform their donors of the new regulations. They sent emails requesting GDPR compliance, but because they are charitable organisations, their mailing lists fall under the ‘legitimate interest’ section of ICO’s guidelines, so they don't have to fulfil this obligation.

This resulted in several charities losing a considerable number of donors, as not everyone clicked the ‘yes I accept’ option. Many small charities are facing bankruptcy due to GDPR, and it highlights why it’s so important to read ICO’s guidelines. If you run a charity post-GDPR, it is more vital than ever to ensure that your organisation understands the new regulations.

Charities are Committing High Numbers of Data Breach Offences

The British and Foreign Bible Society were fined £100,000 this year for a cyber-attack that was carried out in 2016 due to a security flaw in their IT network. This resulted in over 415,000 donors’ personal information being released. Information Commissioner Elizabeth Denham stated that: “No charity wants to alienate their donors... but charities must follow the law.”

Other charities fined for data breaches include Oxfam, Great Ormond Street Hospital and the University of Greenwich.

Data breaches have increased by 75% over the last two years, with childcare, education and general business being responsible for the majority of breaches.

ICO’s Annual Report Shows Most Fines Ever in the UK

Charities have accrued £138,000 worth of fines according to ICO’s 2017/18 report. The report outlines key statistics and increases in the following:

  • Data protection complaints: +15%
  • Self-reported breaches: +30%
  • Freedom of information complaints: +5%

ICO also saw a notable increase in written and telephone enquiries from both the public and independent organisations. In fact, the end of 2017 saw 30,000 more calls than the preceding three months. This was likely due to companies preparing for the GDPR changes that were to come into force in May.

Matt Moorut, Head of Digital Marketing at Tech Trust, backed the somewhat negative statistics, claiming that the introduction of the GDPR is “a good thing for the charity sector […] it encouraged many charities to review their data policies – or create them – to better protect the rights of the people they’re looking to help.”

How Charities Should Prepare for GDPR

To help charities better understand the changes involved in GDPR, the ICO outlined some FAQs. In this FAQ guide, the ICO gives advice on 12 specific areas related to the new GDPR changes. However, the ICO also states that the guide is to be viewed as a general overview of what you can and cannot do, and that no further guidance will be published on their website.

Direct Mail on the Rise

If you run a charity, there are a number of ways to ensure your tactics are GDPR-compliant, and one effective way is direct mail. One month after the GDPR rolled out its new rules, The Mailing People saw a 37% increase in enquiries. While this may not be enough data to say there’s a direct link to the GDPR rules, it does highlight that companies are turning to alternate avenues to ensure they’re able to contact their customers legally. With direct mail you don’t need the consent of the recipient, whereas with emails and telephone you do.

Additionally, the Direct Marketing Association released a statistic highlighting that 89% of consumers can remember door drop mail, in contrast to only 17% of people opening emails relating to marketing and advertising. DMA also reported that 90% of millennials trust door mail over email.

Be Vigilant and Find a Service That Works for Your Charity

Following the rules of the GDPR is a fairly simple and obvious way to avoid any associated fines. And while no one has yet received a fine as a result of the new GDPR rules, the fact that we saw more fines than ever handed out last year is all the more reason to be vigilant and consider alternate ways to contact your customers.