The role of CRM for GDPR compliance for not-for-profits.
The final blog in this three-part series will explore specific requirements of the GDPR in a little more detail, including the importance of privacy notices and legitimate interests. It will also focus on some of the specific steps you can take to ensure transparency with your supporters and, fundamentally, the European Union.
Firstly, publishing a privacy notice is a key element of compliance with the General Data Protection Regulation. Privacy agreements and cookie licensing are both becoming much more important in terms of the GDPR law. Having this information live on your charity or not-for-profit website, via a pop-up or on a privacy/site map page, will allow your visitors to know exactly what you are going to do, or not do, with their information.
Legitimate interests is an area of GDPR that can become a little confusing, mainly due to the vague definition of what it actually means and the number of varying interpretations that are available when you search for the term online. Legitimate interests applies to one of the six lawful grounds for personal data processing, and to claim legitimate interests, you MUST have a legitimate reason. This may sound simple enough, but when considering legitimate interests as a ground for processing data it is important to take note of the specific wording in Article 6 (1)(f):
‘Processing will be lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.’
The right to erasure, also known as the ‘right to be forgotten’, is another forward-thinking feature of the GDPR. In layman’s terms, it means that an individual has the right to ask for their data to be removed or deleted where there is no compelling reason for their data to continue to be processed. However, again, there are caveats, and the right to erasure does not automatically provide an absolute ‘right to be forgotten’. There must be special circumstances, for example, if the data was unlawfully processed (breaches the GDPR), if the data does not comply with legal regulations, or if the individual withdraws consent – to name a few.
When considering some of these requirements of the GDPR (and these are just a few, you can read more here) and how you must, as a not-for-profit organisation, prepare for 25th May 2018 when the regulation comes into force, it is important that you look at your internal systems and establish if they are up to the job when it comes to being compliant.
After all, it is imperative that measures are put in place whether you are part of a small not-for-profit organisation or a national charity. Being transparent with your data controls and being open and honest with your supporters about what you are going to do with this information will stand you in good stead when dealing with a potential GDPR mishap.
Our Microsoft-authored product NfP 365, based on Dynamics 365, will allow you to see an overall view of your supporters, volunteers and donors – no matter how you interact with them, whether this is through direct mail, emails, social media platforms, or even SMS text messaging. By having a full, 360-degree view of your supporters and your supporter information, you are already setting the foundations for GDPR compliance.
Tory Cassie explains, “Over the last couple of years we have created and honed our NfP 365 template, which has preconfigured functionality that is common across all charities. This includes taking into consideration Direct Debits, Gift Aid, and of course, the GDPR. Taking advantage of the Dynamics 365 platform, we have been able to customise and configure NfP 365 specifically for charities and their needs.”
Our Microsoft based CRM solution NfP 365 manages:
Permissions & Consent
Donations & Income
Security & Auditing Features
Relationship Management
Gift Aid & Tax Efficient Giving
Major Donors
Volunteer Management
Social Network Monitoring
Financial & Retail Integration
Dashboard & Reporting
Additionally, as NfP 365 operates purely in the cloud, charities can be sure that their data – whether that be the data of volunteers, supporters, beneficiaries or major stakeholders – is safe and secure. This is especially the case considering the Microsoft Cloud has UK-based data centres that specifically comply with UK charity legislation. What’s more, with seamless integration with Outlook email and SharePoint, all charity data can be monitored and worked on in one place.
We’ve successfully implemented NfP 365 in over 80 not-for-profit organisations such as Amnesty International, Concern Worldwide, Dogs Trust and Christian Aid, which will officially launch in early 2018. Here at m-hance, we understand the needs of not-for-profit organisations and how charities need to protect themselves from the extreme penalties of the GDPR. An example of this can be seen by reading our Solent Mind case study.
Thank you for reading the final instalment of our GDPR blog series. For more information on GDPR, please read our GDPR eBook for charities and not-for-profits. Should you need to speak to someone about an upcoming CRM project, please contact us.
We will keep you and your not-for-profit organisation up to date with all the relevant developments surrounding the GDPR for the remainder of 2017 and early 2018, when the regulations are officially launched on 25th May next year.