GDPR stands for General Data Protection Regulation. The GDPR is a law on the data protection and privacy for all individual citizens of the European Union and the European Economic Area. GDPR Compliance protects the online privacy of citizens of the European Union. The reason nonprofits in the US and Canada may need to pay attention to this is because EU citizens may interact with nonprofits online. They share data on fundraising and nonprofit websites. GDPR compliance for nonprofits is about creating transparency and organizing data.
Let’s jump right to what pertains to your nonprofit. If your nonprofit processes the personal data of EU citizens, there are some guidelines for you to adopt. First things first, we’ll define what data is involved.
Personal Data in GDPR Compliance – What Nonprofits Need to Know
The personal data of donors, volunteers, trustees and beneficiaries is included in GDPR compliance. More specifically, the data GDPR compliance refers to is all personal data such as an individual’s name, email, identification numbers (ie social security number) and data pertaining to financial information.
Listed are the specific ways personal data may be used online by nonprofits:
- Peer-to-peer personal fundraising pages of a crowdfunding event
- Donors who give on your nonprofit website
- Donors who donate on event websites
- Volunteers who add their personal data to your nonprofit and event websites
- The personal data of beneficiaries added by your donors
- Personal data of employees
- Social media posts that collect data
- Newsletter sign up forms
- Vendors, sponsors and corporate sponsors
- Virtual volunteers – employees and employers
- Program inquiries and requests for marketing materials online
GDPR Non-Compliance – What Nonprofits Need to Know
GDPR Compliance exists to protect EU residents. Why does your organization need comply? There is a possibility of a fine up to four percent of an organization’s global revenue for non-compliance.
Another factor to consider in noncompliance is the perception that constituents may have about your organization. Your organization may experience a loss of support from partners, donors, and members if your organization is deemed to be non-secure or non-compliant. Your organization works hard to keep a positive public perception. An important aspect of nonprofit websites is making your constituents feel secure, being transparent and earning their trust.
What Steps Can Your Nonprofit Take to Comply with GDPR?
These 10 tips are a starting point for GDPR Compliance:
- Give all your employees training on the regulations. Anyone involved in data management, websites, fundraising and talking and writing to constituents need to know how to handle data and respond to inquiries.
- Assign roles as to who will be responsible for data protection. Create a team of database and CRM managers.
- Support your IT staff and get them working in liaison with marketing and fundraising teams.
- Be transparent in your website privacy language regarding GDPR compliance. Ensure that visitors can understand what data you’re collecting and how it’ll be used.
- Clearly inform your constituents how their data can be removed from your nonprofit website, CRM, fundraising websites, newsletter and email lists.
- EU residents have a right to request their consent be removed; create a system for doing so. This can get a little tricky since their data must be removed from all of your data systems. A nonprofit CRM has the power to keep your lists organized and make it easier for you to remove all data from an individual.
- Track all consent forms within your CRM. Track what individuals consented to and how their data would be used. Keep a record of revoked content requests. Lists within your CRM is a great way to manage this.
- Keep the personal data of EU residents only for as long as necessary, and solely for the reason it was collected.
- Stay informed of GDPR compliance laws. As they change, you’ll be ready to update your systematic approach.
- Review compliance laws and strategies with your legal team. Our tips are intended to be helpful in getting you started on the road to GDPR compliance. Yet it is important to take further steps in consulting your legal team.
How a Nonprofit CRM Helps Ensure Compliance
A Constituent Relationship Management (CRM) database can be geared to track and organize GDPR compliance efforts. CRMs are now more affordable and easy to use with new nonprofit CRM technology leading the way. Fundraising websites, donor management CRMs and nonprofit websites can be housed under one roof. In this way, they talk to each other and share your constituent information. Finding data should you need to remove it for an EU resident will be easy.
CRMs save the time of nonprofit staff members in GDPR compliance. Your staff are able to track and assist donors, volunteers and event participants. They are able to analyze how things are working and continually look at ways to improve by reviewing CRM lists.
Transparency on your websites is a key element, as is having a CRM to easily access and compile data on EU contacts. CRMs do much of the work for you so you can get back to fundraising and changing the world one step at a time. Give all of your staff members awareness of GDPR compliance – what your nonprofit needs to know.