Will your NFP be impacted by GDPR?

New EU privacy law
What you need to know about the new EU privacy law

So what is GDPR?!

GDPR stands for “The General Data Protection Regulation”, a privacy law from the European Union that goes into effect May 25, 2018. Even though it’s a European Union law, many Canadian NFPs are paying close attention as GDPR is setting a new standard.

Will you be impacted?

GDPR matters for you if your business operates out of the EU, if you have an online business where customers from the EU could sign up to your email list through a newsletter sign-up, or if you will collect their information through a donation process.

Three important steps to consider.

First, ensure your organization is aware of the upcoming changes and discuss what impacts it may have and what your team will need to consider.

It’s important to note that the new GDPR consent standard also applies to your existing list. So your second step should be to check any current subscription lists to see if you have any European addresses in your contact files. Consider sending a re-engagement campaign to those in the EU who need to reconfirm they want to stay on your list (similar to many CASL compliance processes undertaken when Canadian laws were changed). Anyone who doesn’t give consent by May 24th must be removed from your lists.

The third step you should undertake if you have EU donors is to revisit your privacy policies. Under the GDPR, you are required to give people certain information in order to get their informed consent. Your privacy policy is a great tool to meet this requirement, as it should outline what information you are collecting, why you’re collecting it and what you are doing with it.

Where can I learn more?

We thought we’d give you some resource links that our clients have shared and that we’ve found to be helpful. Note that we are NOT GDPR experts. Please make sure you do your research and understand how it affects your NFP and what your organization needs to do to be compliant.

The GDPR portal: https://www.eugdpr.org

And another helpful UK overview from the ICO (Information Commissioner’s Office)

A CSO Article on GDPR Requirements, Deadlines and Facts

And also check with your fundraising software provider. Almost all have resources to help clients – for example, Blackbaud’s GDPR Overview or Salesforce’s

And if you are new to marketing and not aware of the Canadian Anti-Spam Legislation (CASL) mentioned above, a helpful place to begin your research on it is via the Ontario Nonprofit Network

Best wishes for a smooth implementation if you’re working on GDPR compliance in your NFP!
