How GDPR Applies to Charities and NPOs
Between fundraising, events, and charitable giving, non-profit organizations (NPOs) collect a ton of personal information, which makes them just as obligated as any other EU company to comply with GDPR.
Because marketing is such an important part of fundraising efforts, charities will have to pay special attention to the rights of, and respect the wishes of, their supporters and donors, who may withdraw their consent to receive communication from the charity at any time.
The enactment of GDPR reiterates the four conditions that need to be present in order for consent from supporters to be valid:
To avoid fines, charities need to start thinking about how they’ll ensure that supporters and donors aren’t contacted once they’ve withdrawn consent or have objected to the charity’s use of their information.
Now is a good time for non-profits to begin embedding privacy by design into all business processes with regard to how systems store and process their supporters’ and donors’ data.
There are a few platforms that can help get you on the right track:
GDPR’s penalties are the same for any company, regardless of whether or not they are doing charitable work, so it’s best not to wait too long to prepare. Major data breaches could result in fines of 4% of your global turnover (or €20M).
The time to start thinking about this is today. Slow and steady will ensure that non-profits have nothing to worry about by the time May 2018 rolls around.