Charities: How GDPR compliance can work for you

1 November, 2017

There is little dispute within the charity sector that the prospect of preparing for the General Data Protection Regulation (GDPR) and its potential impact on charitable organisations is daunting. This is entirely understandable as the consequences are so vital. After all, a failure to comply could mean that you are left unable to contact current and potential donors, resulting in a future funding gap.

Some charities, such as the RLNI, have already taken the plunge and made the decision to stop contacting individuals by telephone, email or post unless they had actively given their consent for the charity to do so. padlockWhether or not this would be the right approach for your organisation must be decided on a case by case basis, and certainly this will not be the case for all.

The good news is that there is still time to ready your organisation’s systems so that the changes in legislation represent an opportunity rather than a threat. By focusing on improving your marketing and fundraising activities and processes, charities can actually strengthen relationships with donors and encourage greater levels of engagement.


Here are our top tips:

• Evaluate your marketing initiatives: Consider whether or not they are giving your supporters a reason to want to hear from you in the future. For example, offering tips and advice relevant to fundraising activities or events.

• Understand your supporters: Take the opportunity now to get their consent for you to keep in touch with them. Getting this now will minimise the risk of a funding gap later.

• Tailor the message: Ask your supporters what they are genuinely interested in hearing about. Consider giving them choices. For example, do they have an interest in hearing about opportunities for volunteering? Do they want details of particular fundraising events and, if so, what types of events? Such pro-active engagement will create trust and also enable you to develop longer term strategies to maximise funding.

• Build trust and respect: Explain how you will respect the personal information of supporters and potential donors when you get it. This will involve some leg work now but they will value the organisation for it in the long run. Be clear as to how it will be used and equally what you will not be doing with it. Be specific about how you will be contacting them and how often.

• Know the data: Consider what data you are holding and what consents have already been given. Determine whether that is sufficient given the forms of direct marketing undertaken by your organisation. Charities may actually find that the consent they already have is sufficient for their purposes.

• Finally, don’t assume: You don’t need consent for all forms of direct marketing. While emails, texts and automated phone calls are more strictly regulated, charities may still be able to contact supporters by post and make live phone calls on a “legitimate interests” basis.

To help provide more clarity around the various aspects of the GDPR and provide organisations with a clear way of achieving compliance we have created a GDPR Hub

To keep the process as simple as possible, we have developed a five-step approach to GDPR compliance

This provides you with a straightforward approach and explains what you need to do and how we can help you.

If you would like more advice or to speak to one of our GDPR team, please contact Rhona Darbyshire