(But wait, this is actually a good thing for privacy! Plus, it’s an opportunity to engage.)
There is a lot of information out there about GDPR, and it can quickly become confusing. So the team here at Pursuant put together a brief FAQ and best practice recommendations for you and your organization. We hope this makes it a little easier to consume and understand what you should do as a nonprofit professional.
What is GDPR?
GDPR stands for General Data Protection Regulation, which is a new EU regulation replacing the 1995 EU Data Protection Directive (DPD). As of May 25, 2018, this regulation is in force in the EU to enhance the protection of personal data of EU citizens, and to increase the obligations of organizations that collect, store or process personal data.
The regulation builds upon the 1995 Directive’s requirements for data privacy and security; however, it also includes new provisions and creates harsher penalties for violations.
How does this affect my organization and my email list?
Regardless of where your organization is located, if you have constituents located in the EU, the GDPR applies to you and your organization’s data privacy practices. Bottom line: EU constituents must consent to receive communication from your organization.
Per an article recently published by Forbes, “The General Data Protection Regulation (“GDPR”) is a legal framework that requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. It covers all companies that deal with the data of EU citizens, specifically banks, insurance companies, and other financial companies.”
What are recommended next steps?
- If you have a donor CRM or database, you should query your database to build a segment or group of those individuals who are located in the EU.
What are recommended best practices for a GDPR communication to my constituents?
We recommend that you use this as an opportunity to stand out from the crowd and re-engage your constituents.
If you have not already done so, you should do the following:
Inform your constituency
Use this email communication as an opportunity to thank them for their engagement with your organization, and remind them of the important relationship they have with your cause.
Here are some ways in which you can do this:
- Have some fun with it! Don’t just send another boring GDPR email for the sake of compliance. You could even include humor if you feel it is appropriate, acknowledging that you know you are “just another GDPR email.”
- Use this as an opportunity to re-engage and remind people when they opted in or thank them for their last gift of $X.
- Send a message specific to those located in the EU and send a different message to those on your file who are not in the EU.
- The EU version should include a link to opt back into your communications. Be sure that the checkbox to opt in is not preselected for these individuals. Your constituents will need to check the box themselves.
Additional Resources and Insights We Find Helpful:
There are a lot of helpful resources on this topic, so we wanted to point you to those which we found most helpful.