Charities should go beyond the legal requirements and use new data protection rules as an opportunity to improve fundraising and increase public trust in the sector, experts said yesterday.
Daniel Fluskey, head of policy and research at the Institute of Fundraising, told delegates at NCVO’s first regulation conference yesterday that just complying General Data Protection Regulation, which comes into effect in May, will not be enough to ensure excellent fundraising.
He said: “If all you are thinking about is compliance you aren’t going to raise any money.”
Fluskey suggested that charities could tell supporters what they need to in a “friendly” way that would make them want to continue to hear from the charity.
He added that charities should be thinking about it from the “supporter’s perspective” to “give them a great fundraising experience”.
‘Why is GDPR so hard?’
Fluskey also questioned why the sector was finding the move to GDPR difficult.
He suggested part of the reason is that it requires a “culture change” within organisations.
“The most important bit about GDPR is accountability,” he said. He said charities needed to understand what data they have and how it is being used.
In most cases “you won’t be able to Google something and find the answer” he said, because it is about each organisation “thinking it through”, “being informed through guidance” and then “making the right choices for your supporters”.
‘It is about doing the right thing’
Speaking earlier in the day, Stephen Dunmore, chief executive of the Fundraising Regulator, said that ultimately it is “about values and doing the right thing”.
The Fundraising Regulator is about to publish guidance for charities about complying with GDPR to help charities get it right.
“This is not about the ICO or the Fundraising Regulator turning up on the door in May to take enforcement action,” he said.
The regulator has worked with a number of partners on its advice, including the Charity Commission, NCVO and the ICO in what Dunmore said was a “joined up way”.
Helen Stephenson, chief executive of the Charity Commission, agreed that regulators were taking a joined up approach and said the Charity Commission would not produce its own guidance and instead signpost to others.
She added that complying with data protection rules was “about values”. She said charities need to demonstrate “that you have thought about the issues and have a clear plan in place”.
Steve Wood, deputy commissioner (policy) at the ICO, said that although GDPR is described as a “evolution not revolution” charities shouldn’t “downlay the important work” that needs to be done or the “step change” in the rules.
He urged charities to “build transparency into user experience” and make sure the have the right governance and understand their data.
Wood added that the ICO will produce guidance on legitimate interest shortly.
‘Live our values’
Sir Stuart Etherington, chief executive of NCVO, opened the conference by urging charities to go beyond the legal minimums and “be the gold standard”.
With the Charity Commission’s budget under pressure he said it was for sector bodies to “step up”.
He said that NCVO’s “own research shows putting donors in control could increase public trust”.
If charities get GDPR right there is an “opportunity to increase public trust” he said.
There is a “wider need to maintain, and in some cases restore, public trust,” he told the audience.
Etherington said that sector has “worked hard” since the Charity Commission reported that trust in the sector had fallen.
“I hope that the public has taken notice,” he said.
“Of course charities want to live their values by being transparent and respecting donors and service users,” he said.
He said the sector’s reaction to the Presidents Club scandal showed that the sector was “thinking long term” and “going beyond what is required by the law”.