When the General Data Protection Regulation (GDPR) comes into effect on 25 May 2018, UK charities will need to update any inaccurate supporter data they might hold or potentially risk major fines – up to €20 million or 4 percent of global turnover, whichever is greater.
The GDPR states that there must be a recognised legal basis for the processing of supporter data, such as consent.
However, charities shouldn’t see the GDPR as just a regulatory headache – in fact, as a major opportunity to improve the quality of supporter data and engagement, it could very well have a positive impact on organisations’ ability to raise funds.
Because make no mistake: poor-quality supporter data is hurting the charity sector in this country. There are varied causes of this problem. Data may be inaccurately recorded at several different points in the data-capture process: the point of data entry, database conversion or database consolidation. Alternatively, it may be that information simply isn’t being kept up-to- date or validated correctly.
The latest Insight Report from RMDS – ‘The GDPR and its Implication on the Use of Customer Data’ – quotes research from RMDS which shows that while 87 per cent of organisations use websites as their primary channels for data collection, only 44 per cent automatically validate it at the point of online entry. The research also indicates that the biggest contributors to poor-quality data are incomplete, out-of- date or duplicate records, with marketers complaining that this is one of the main reasons they are unable to do their jobs properly.
Obtaining supporter consent
There are various stipulations that charities need to follow in order to be compliant with the GDPR. And certainly, data accuracy needs to be addressed, with incorrect supporter data erased or rectified as soon as possible. But it’s the ways in which the new regulation aims to put citizens in control of their own data that dramatically impacts how organisations hold this information – and what they can do with it. Unless certain exceptions apply, supporters may not be subject to automatic decision-making – for example, as carried out by profiling technologies such as CRM – and may request a copy of their data in an easily accessible format. They will also have the right to opt-out of any type of direct marketing, while organisations will continue to require their opt-in consent for electronic marketing.
But perhaps the most far reaching of the GDPR’s stipulations centres on the requirements for valid consent. Charities will need to demonstrate that, where they are relying on consent as the legal basis for processing, they have permission to use the supporter’s data, and that the supporter understands how their data is going to be used. For those charities that haven’t previously sought consent which meets the GDPR’s standards, the implementation of an extensive programme of re-permissioning may be required – yet the RMDS research shows that nearly half of all organisations (48 per cent) either have no plans to conduct a repermissioning exercise or do not know whether they will seek fresh permission.
Those organisations already handling supporter information correctly for postal marketing purposes may, following a review against the requirements of the GDPR, determine that they can continue to claim “legitimate interest” for data processing and avoid this step. But again, this places the onus on maintaining data accuracy at all times – if supporters aren’t being accurately communicated with, it’s difficult to claim compliance with the GDPR.
In addition, using third-party supporter data for marketing purposes presents a particular challenge under the GDPR. Charities must assess any external data to ensure that it is GDPR-compliant. The RMDS research showing that nearly half (49 per cent) of organisations now rely solely on data they have captured themselves. This compares to just 39 per cent of organisations relying solely on their own data in 2014.
Reinforcing supporter relationships with the GDPR
At the heart of the GDPR is a push to improve the accuracy of data. As such, it represents an opportunity to reinforce the strategic importance of building strong, sustainable relationships with supporters based on a real appreciation of their lifestyle choices. Paring back poor-quality data may potentially lead to lower volumes of supporter information, but the data will be of a higher quality and may lead to higher engagement and subscriber rates.
To develop trust-based relationships with supporters, data about them needs to be consistently validated from the moment it enters an organisation, by whatever channel. But after basic data accuracy has been achieved, the next stage of building trusted relationships with supporters is to meaningfully personalise communications with them. Charities may be reducing their use of third-party data providers in order to promote GDPR compliance, but this could also mean that new outreach and fundraising opportunities arising from supporter life events – such as moving house, acquiring a mortgage, getting married and having children – are being missed.
According to the RMDS research, 61 per cent of marketers consider enhancing information with life-event data useful for nurturing relationships, as it presents a reason to engage with supporters and can help develop new fundraising opportunities.
A vital spur
While the RMDS research reveals that some organisations are still struggling to meet the GDPR standard, this new regulation is nevertheless a vital spur to encourage charities to update their data-hygiene practices and in so doing, significantly improve the relationships they have with their supporters and boost fundraising efforts.
Jim Conning is Managing Director of Royal Mail Data Services.
Get free email updates
let us keep you up to date with fundraising news, ideas and inspiration with a weekly or daily email.