The General Data Protection Regulation (GDPR) will come into effect on May 25, 2018, replacing the current DPA standard of consent. With the current spotlight on Facebook’s data use and abuse, this may be a timely change, but not one many charities will have budgeted for.
The GDPR applies to ‘personal data’, or any information relating to an identifiable person, including name, ID number, location data, email or online identity. Special categories, including genetic data and biometric data, are subject to further rules.
Action for Charities and Not for Profits.
- Check with the Information Commissioner's Office to understand the new rules. The GDPR covers all personal data, including that for donors, members, grantees, customers and service recipients.
- Take the new law seriously, as significant penalties of up to €20 million may be imposed by regulators for noncompliance and there is no period of grace.
- Review your data control, processing and collection in the context of marketing and fundraising, program service delivery, member services, and other relevant issues.
My mail this week included a costly but well-meaning communication asking for permission to ‘say yes to staying in touch’. There was a reply-paid envelope and the full-colour printing to cost into the exercise, which deliberately did not ask for any donations.