Stephen Cotterill: Charities need to get their ducks in a row over GDPR

09 May 2017 Voices

It will soon be open season on those who transgress data regulations. Time for charities to get their ducks in a row.

Data. Some people live and breathe it. Eat, sleep and drink it. The rest of us not so much. But as next year’s EU General Data Protection Regulation hoves into view, it may benefit all of us to pay more attention to how we use and store data.

One of the more startling results of our annual CRM survey this year is that 20 per cent of the 350-plus respondents were only “a little bit” or “not at all” confident that their current system would allow them to be compliant with new regulations. Just 12 per cent were “tremendously confident”. And this was for compliance with the Fundraising Preference Service, which is child’s play compared to the potential complexities of GDPR.

Recent adjudications by the Information Commissioner’s Office highlight the concerns people have about how charities have been using data. Although the fines were relatively small – discounted up to 90 per cent in some cases – the judgements were damning, with a total of 13 charities found to be in breach of the Data Protection Act. In a statement Elizabeth Denham, the Information Commissioner, said: “No charity wants to alienate their donors. And we acknowledge the role charities play in the fabric of British society. But charities must follow the law.”

It is unlikely that those doling out punishment for breaching GDPR will be so understanding. Fines are set at maximum of €20m or 4 per cent of annual worldwide turnover – a different league to the ICO levies.

Data protection experts have been warning about the ways charities handle donor information for years and the ICO has rapped a few knuckles. But if you are unsure at this point if you will be compliant come May 2018, then now is the time to get familiar with what is expected from your data systems.


More on