GDPR and getting to grips with your database
Charities everywhere are facing one universal concern right now. How to prepare for the impact of the General Data Protection Regulations (GDPR) when it comes into force on 25th May 2018.
Talking regularly to charities, we know one of the biggest challenges the majority of fundraising departments face starts and ends with data. Because getting to grips with GDPR isn’t just a matter of process, it means getting to grips with your database.
It’s fast becoming a burning question on the lips of many a fundraiser: how do you ensure your current data complies with the new regulations, as well as preparing for compliance in the future?
First and foremost – you need to check the state of your database. And the most effective way to kick start any data health check is by focusing on your supporters. Something Nick Daniel, Marketing Director at Dogs Trust, firmly agrees with: “Supporters have always been and will always be at the heart of our fundraising strategy. With the impending changes to the regulatory environment we sought to embrace the changes to improve our ongoing relationships with supporters.”
5W framework
When looking at your current supporters, you might find it helpful to run what we term the 5W framework. It’s a tool to establish:
• WHAT data has been collected.
• WHY it’s been collected and its purpose.
• WHO is using the data.
• WHEN the permission was granted.
• WHERE was the permission granted.
For fundraisers, the framework is particularly relevant when applied to donors. For instance, establishing the legal basis being used to ask supporters to give is an area of increasing scrutiny, as charities must only collect the information that is needed to provide the service they are offering. It is this legal basis for collecting and processing information that is troubling many charities. Whichever strategy is chosen it must be defendable if questioned by the public or the regulators.
Next, you need to start identifying risk and developing a data strategy in line with GDPR.
This can be achieved within a three-stage plan that includes:
- Consent Audit
- Income Analysis
- Donor priority
Advertisement
1. Consent Audit
It’s crucial you identify levels of consent.
“69% of senior marketers and fundraisers do not know the level of consent achieved by their current permission statement”.
Start with putting a number on how many supporters are on a fundraising database, and then begin to understand how to segment them in to different groups. Properly assess how you currently manage consent. And start to change your mindset from preferences to permissions. Make sure you can answer:
• How many of your supporters do you have consent to contact by channel?
• When and how was the permission given?
• How has that changed over time?
• What data sources do you need to consider?
To start to understand consent, look through the statements that have been used to gather permission to contact. These might be on old direct mailing packs or in recent appeals.
Collate these and then assess how legitimate that consent is and whether it has been given with explicit permission. Make your legal basis decision accordingly. And always be aware: consent is not the same as a preference.
2. Income analysis
We know it’s one of the biggest concerns across fundraising departments: the impact the new regulations will have on fundraising income. That’s why you should use your consent audit to properly analyse the risk in the level of your fundraising pre and post GDPR. By analysing the impact on donor income, you can identify the income that’s potentially at risk.
Consider how income that is currently being generated can be protected. And which channels of communication, or fundraising products, are going to be the most resilient.
Develop a forecasting model that can assess lots of different variables, but will include how many supporters are contacted each year, their response rates and attrition rates.
If you have a good grasp of data as we’ve detailed above, you should also have a good understanding of the current levels of consent. This means that reasonable assumptions can be made and scenarios can be worked up about the impact to fundraising.
3. Donor Priority
It’s vital you know who are your most important supporters. By prioritising your most valuable donors, you’ll know whose consent you most need, in order to raise funds more effectively.
Make sure to utilise data models that are designed to:
• get you to understand supporters and donors better
• accurately predict their future behaviour
• forecast fundraising more effectively
• spend effectively to yield the best return
These are three simple steps to get to grips with your database, for what can seem like a complex process. Three simple steps that are not only about preparing for risk-free compliance, but harnessing an opportunity to protect and generate income by getting ready for the new future in data. They are three simple steps to ensure charities can understand the real value of data, to transform fundraising strategy and engage with supporters more meaningfully. To be GDPR-ready and beyond, in ways that will grow support and improve outcomes.
Andrew Sargent is Consultant Analyst at Wood for Trees Ltd. Wood for Trees makes things happen through data analytics and insight. We collaborate with some of the world's best-known charities and not-for- profit organisations to improve fundraising efficiency and performance.
Wood for Trees is part of the MyLife Digital Group which operates in the Personal Information Management Services (PIMS) sector, one of the fastest growing and most dynamic sectors in the UK (and global) economy. Existing MyLife Digital Group companies, Wood for Trees and PGIR already have an established, and growing, base of analytics services clients and considerable data science and sector expertise.