How GDPR will impact the charity sector

With the new General Data Protection Regulation (GDPR) coming into force in May 2018, now really is the time to think about the implications this new law will have upon businesses and not-for-profit organisations. However, despite this, 24% of companies have yet to start a GDPR plan of action.

Interestingly, the GDPR has made no special provisions for charities, and they will be held to the same data protection standards as regular businesses and organisations. Therefore, as a sector that relies heavily on direct mail and fundraising initiatives to continue to provide vital services, charities must be prepared to implement this new law at every level of their organisation - especially in their marketing.

Here is our rundown of what you need to know about the GDPR and the opportunities it can provide for you to revitalise your marketing.

Up until now, the majority of the UK’s data protection has been regulated by two laws: the 1998 Data Protection Act and the Privacy and Electronic Communications Directive Regulations of 2003. However, starting from 25th May 2018, these will be replaced by a new European directive: the GDPR.

This is the first major revision of European data protection laws and comes in response to calls for more regulation in the ever-evolving digital age, where consumer data is held by brands almost everywhere. Although the UK has voted to leave the EU, experts predict that this process will take several years to fully complete and, in the meantime, the UK will still have to comply with the GDPR policies.

The central premise behind the GDPR, besides harmonising data collection practices, is the balancing of individual and business rights through transparency and accountability. Businesses that have reason to collect and maintain data can continue to do so, but they must provide more justification for why they are doing this. As a result, the GDPR provides more clarity as to what defines consent, legitimate interest and personal data.

• Pre-ticked and opt-out boxes will no longer be sufficient for proving “consent” – data subjects must actively opt-in to receive different forms of communication, including follow-up email marketing and direct phone calls. This can take the form of written/electronic/oral statements, tick boxes and any other statement that clearly indicates acceptance.

• Requests for opt-in consent must be clear and unambiguous, using easily accessible plain language catered to the person being communicated with.

• It is no longer acceptable to withhold goods/services from individuals who do not give consent for something completely unrelated (e.g. free WiFi for subscribing to email updates).

• The definition for what is considered “personal data” has been expanded to include online identifiers (such as IP addresses and location information).

• While some data can be collected if it is claimed as “legitimate interest”, adequate reasons must be given for what legal basis there is for collecting this data - the business must balance their rights to collect data with the rights of the consumer.

• Greater clarity must be given within privacy policies about what exactly data will be used for and how long it will be held - simply saying “it’s for fundraising” will no longer be sufficient.

• All data collection forms, including telephone scripts, must be kept proving consent was granted.

• Individuals have the right to revoke data consent at any time and they must be made aware of this right. The process of unsubscribing must be just as easy as subscribing.

Many people in the charity sector are nervous about the effect that this new regulation could have when contacting previous donors as part of future fundraising campaigns. And this is a completely reasonable concern to have as charities will need to develop company-wide structures and processes to ensure that the new legal requirements are being met.

However, it is also important to remember that the GDPR is merely an extension of previous data protection laws and not a complete overhaul (as many are thinking). The aim of the law is not to restrict, but to merely clarify previously ambiguous regulations and ensure consumer rights are protected.

In fact, in this respect, GDPR could offer huge opportunities.

It’s no secret that charities have had difficulties maintaining public trust over the past few years and data has been a large part of the problem. Currently, only one in four UK adults trust businesses with their personal information and, in particular, 6 in 10 adults have reported finding it harder to trust charities after recent bad press. Because of this, GDPR could be the perfect catalyst to turn this reputation around and begin afresh with the donating public.

Take email marketing as an example. Its best practice dictates that subscriber databases should be continually reviewed so that they only include those who really want to be contacted. While this will inevitably make the contact list smaller, those who remain will be particularly committed consumers who are more likely to engage. GDPR should be thought of in the same way – by streamlining your follow-up campaigns to only your most dedicated supporters, you can maximise interest and make sure that you aren’t wasting your resources.

With less of an audience to reach, it becomes more important than ever to make every piece of marketing communication count by ensuring that it is targeted, relevant and inspiring. GDPR will not stop follow-up charity marketing in its tracks, it will simply usher in a new way of approaching communications.

For instance, in one recent study 47% of people said that they would opt-in to receive communications about what a charity did with the money donated or the impact of their work. This shows that a significant portion of the public are still open to having a continued dialogue with the charities they donate to, just on different terms. Think quality over quantity. By making your creative for these emails bold and engaging, you can remind previous donors of the great work you do and how they can get involved through donating, fundraising or volunteering.

Of course, to rethink your advertising approach will take a unique combination of data planning, fundraising expertise and marketing know-how. By reaching out to agencies who specialise in the charity sector, you can develop a comprehensive GDPR-proof strategy that will engage potential advocates in conversation, pique their interest, make them curious and connect with them in the right places, at the right times.

Accord is a marketing agency that specialises in the charity and not-for-profit sector. Our integrated portfolio of services provides clients with innovative, targeted and creative campaigns that raise brand awareness, secure donations, attract new support and give people the tools and motivation to get involved. To find out more, get in touch today.