GDPR Keeps Me Awake At Night

On 25 May 2018 the law known as GDPR i.e. General Data Protection becomes a reality and we had better be prepared. On one hand it is the law and we should read it carefully and obey. On the other it may be going too far in restricting civil society from raising the funds it needs to combat the very real problems that governments and corporates are just not tackling. This may be homelessness, mental illness, cancer research, pollution of the seas and climate change, etc – just in case you were in any doubt of the role fundraising played in your life.

Though Cathy Pharoah at the Centre for Giving and Philanthropy’s latest research shows the total voluntary income of the top 100 charities reached a peak of £5.6 billon last year, the thought of GDPR cutting back charities’ ability to communicate with their donors sends shivers down my spine at the suffering the poor and vulnerable will endure as services are cut back when income declines. Regulation is not a victimless crime.

 

If you make a donation to a charity what is reasonable to expect? Am I alone in thinking that we expect to have a polite thank you letter, an invitation to join if it is a membership organisation and to be informed how the money is spent. Naturally, we would also expect the charity to ask us to give again wouldn’t we? That is part of the business of charities and an entirely predictable and acceptable part of life. How much and how often we received these communications would depend on how much and how often we gave.

At some point our giving may level off, and we would expect the charities communication with us to level off too. If we take part in events we would expect to learn more about events, and if we never go to events we would expect that we wouldn’t be invited to every event, but we would certainly be surprised if we had never been invited to any events. Overall, we would expect the charity to understand and respond to our express level of interest and not have to sign up at once to every single thing the charity may wish to use our address.

The means charities use to communicate with us may be diverse, and donors should have an option in that and expect our wishes to be observed, but advice on the GDPR legislation seems to be very restrictive, advising charities that a donor’s contact details are only to be used for a very limited purpose i.e. that explicit purposes for which it was originally given e.g. to process a donation.

GDPR talks of clear and obvious consent which rather moves away from what we think about our transactions from accepted custom and practice, which anyone can object to, into the realm of 1984 where you need to know exactly what was in someone one’s mind when they made a donation; and you would be advised to assume it was completely blank of any idea you might respond to like a human being. Instead, you must seek explicit granular consent for any processing you may consider for that data and record it carefully.

Fortunately, there is a possible get out clause which is ‘legitimate interest’:

“It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.”

So, be careful, be very careful, in how you react to GDPR. No one wants to take part in the first court case though without some actual cases we won’t know exactly how the courts will interpret the law.

My advice is to read the law not just the advice about the law (lots of very clear advice is given by Daniel Fluskey at the Institute of Fundraising (IoF) and by the Information Commissioner’s Office (ICO) both of which will be cautious. Be bold but not reckless!

 

Of course, all this is very far from the type of usage that Facebook allowed Dr Aleksandr Kogan, AKA Dr Spectre (I kid you not), of its personal data and of the data its apps can still gather from us by their default settings. App spoiler alert – adjust your app settings now.

I am eagerly awaiting the fines that the ICO will impose on Facebook following the fines they imposed on charities last year. Hopefully they will be proportional to the offenses. Nothing much wrong with wealth checking major donors (they all expect you to do that), but undermining western democracy and giving Trump a decisive lead – that’s quite a fine in my book.

John Baguley, Chair, International Fundraising Consultancy