SlideShare uma empresa Scribd logo

B2: Fundraising in an age of GDPR

Transferir como PPTX, PDF
NCVO - National Council for Voluntary Organisations
NCVO - National Council for Voluntary Organisations

Slides from breakout session B2: Fundraising in an age of GDPR, from the NCVO Annual Conference which took place on 16 April 2018.

Governo e ONGs
1 de 25
FUNDRAISING IN AN AGE OF GDPR SPEAKERS DANIEL FLUSKEY HEAD OF POLICY AND RESEARCH, INSTITUTE OF FUNDRAISING GERALD OPPENHEIM HEAD OF POLICY AND COMMUNICATIONS, FUNDRAISING REGULATOR Dinner sponsors: Media partner: Headline sponsor: Lead sponsor: Digital partner:
Fundraising in age of GDPR Gerald Oppenheim, Head of Policy and Communications, Fundraising Regulator NCVO Conference 16 April 2018
• GDPR comes into effect on 25th May 2018 • Government legislating to ensure GDPR passes into law before UK leaves European Union • New rules strengthen the rights of individuals over their personal data • Charities must:  Show they have a lawful bases to process personal data  Recognise and act on the rights of individuals under GDPR  Have adequate decision-making, monitoring and reporting processes in the organisation In brief
Information/data which relate to a living individual who can be identified directly or indirectly by reference to: a) an identifier such as a name, an identification number, location data or an online identifier, or b) one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual. What is personal data?
• Consent: You can evidence a positive indication from the individual to say they are happy for you to use their data in a particular way. • A public task: if you need to process personal data to carry out your official functions or a task in the public interest – and you have a legal basis for the processing under UK law – you can. • A contract with the individual: eg. to supply goods or services they requested, or fulfil your obligations under an employment contract. • Legitimate interests: you can process personal data without consent if you have a genuine and legitimate reason (including direct marketing), unless this is overridden by the individual’s rights and interests. • Compliance with a legal obligation: if you are required by UK or EU law to process the data for a particular purpose, you can. • Vital interests: you can process personal data if it’s necessary to protect someone’s life. This could be the life of the data subject or someone else The 6 lawful bases for processing someone’s personal data: consent and legitimate interest
Consent must: • Be given through a clear affirmative action from the individual. • Give granular options to consent separately to different types of processing (you may combine some of your processing purposes if you can show they are sufficiently similar). • Be separate from other terms and conditions and not be a precondition of signing up to a service (unless necessary for that service). • Name the organisation and any third parties which will be relying on the consent. • Inform individuals about their right to remove consent at any time and offer easy ways to opt out in subsequent communications. • Be recorded in a format which enables the organisation to evidence who consented, when they consented, how they consented, and what they were told. • Be kept under review, and refreshed if anything changes. Consent: a “freely given, specific, informed and unambiguous indication of the individual’s wishes”
Where legitimate interest is your basis for processing, you need to: • Conduct a legitimate interest assessment:  Purpose test: are you pursuing a legitimate interest?  Necessity test: is the processing necessary for that purpose?  Balancing test: do the individual’s interests override the legitimate interest? • Let the individual concerned know that you are processing their data and for what purpose (usually through a privacy notice). • Offer them the opportunity to opt out if they wish to do so. • Keep it under review and repeat the legitimate interest assessment if anything changes. Legitimate interest:
Consent is likely to be most appropriate where: • you can offer people genuine choice and control over how you use their data, and want to build their trust and engagement Legitimate Interest is likely to be most appropriate where: • you use people’s data in ways they would reasonably expect and which have a minimal privacy impact. When is each appropriate?
• Following consultation (Oct – Dec 2017), we have:  made the rules on data protection more accessible  ensured consistent terminology between Code & GDPR  removed or replaced Code where inconsistent with GDPR  added and expanded definitions for key terms  increased signposting to existing ICO and FR guidance • Published in February (Comes into effect May 2018) Updating data protection in the code of Fundraising Practice
A few caveats… • Awaiting Data Protection Bill and in 2019 or 2020 PECR changes in the E Privacy draft directive. • Further ICO guidance expected on use of legitimate interest and consent. However… • ICO advice to charities is to get ready as draft guidance will not change much. • ICO have reviewed the revised Code and support it. Caveats are flagged where applicable. • Working with IoF, NCVO, charities and third parties on compliance issues. • Close relationship with ICO, Charity Commission, other regulators Data protection: next steps
Guidance on GDPR February 2017: Personal Information & Fundraising - guidance and toolkit • Developed with Protecture – data protection advisers. • Defining a Direct Marketing approach under GDPR. October 2017: GDPR resource library • Compiles key guidance and resources from a range of bodies. February 2018: Guidance with Institute of Fundraising • New 6 part "bitesize" GDPR guidance for fundraisers. • Identifies ways that personal data is used in 4 fundraising methods (community, trust, corporate and legacy fundraising). • Addresses key GDPR questions received from charities.
• Ongoing journey rather than a race ending on 25 May. • No surprises - much of the GDPR builds on existing DPA 1998. • Bigger fines possible for non-compliance, but ICO will use those powers “proportionately and judiciously” and “as a last resort”. • Lots of guidance and support out there. • “Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action.” Information Commissioner GDPR in summary – no reason to panic…
DISCUSSION: GDPR AND FUNDRAISING: WHAT’S ON YOUR MIND? Dinner sponsors: Media partner: Headline sponsor: Lead sponsor: Digital partner:
Excellent fundraising for a better world Fundraising in an age of GDPR Daniel Fluskey Head of Policy and External Affairs
Excellent fundraising for a better world GDPR Rules and compliance Culture and best practice Governance and leadership Donors and supporters
Trying to answer three questions at the same time How do charities make sure they’re properly following data protection law (GDPR and PECR)? Should charities be held to the same standards as businesses and other sectors, or should they be held to different/higher standards? How SHOULD charites be fundraising in a way that raises money, improves the experience for supporters & the public, and brings long- term sustainability? Excellent fundraising for a better world
Trying to answer three questions at the same time How do charities make sure they’re properly following data protection law (GDPR and PECR)? LEGAL COMPLIANCE Should charities be held to the same standards as businesses and other sectors, or should they be held to different/higher standards? FUNDRAISING REGULATION How SHOULD charites be fundraising in a way that raises money, improves the experience for supporters & the public, and brings long- term sustainability? EXCELLENT FUNDRAISING Excellent fundraising for a better world
Excellent fundraising for a better world Legal requirements Charity’s values/ethical approach/ excellence Code of Fundraising Practice
Excellent fundraising for a better world
Lawful processing Excellent fundraising for a better world
Opt in or opt out? (consent or legitimate interest?) Excellent fundraising for a better world 1. First off, check the rules and review the guidance. Consent is required for email and SMS. Consent or legitimate interest can be used for post or telephone (non-TPS). Do you know what each requires and how to do them fairly and lawfully? 2. Understand your options, scenario plan, budget and assess Should be a strategic and informed decision – not just fundraising Decide what’s right for your charity – a fully ‘opt in’ approach might not be best for all 3. Whichever way you go, make sure you do it right! And don’t just think about it as a ‘compliance’ question, what’s going to raise you money and give supporters a great experience?
What the rules can’t tell you… Excellent fundraising for a better world • How often to contact a supporter? • Whether to use consent or legitimate interest? (for non-electronic marketing!) • How long to keep donor records for? • How long does consent or your legitimate interest last? • The exact wording to use in your privacy policy and in fundraising communications
Five things to think about – for organisations 1. Accountability and governance. Not enough to ‘be compliant’. Need to be able to demonstrate that you are. How are you going to do that? 2. Make the right decisions for your charity (consent or legitimate interest?) 3. How will you be talking to supporters, providing information and giving them choices? (in a way that sounds human and engaging!) 4. Getting a joined up approach across your organisation – not just a fundraising issue! 5. However much guidance is out there – some things are up to YOU Excellent fundraising for a better world
Some resources to help Excellent fundraising for a better world
FUNDRAISING IN AN AGE OF GDPR SPEAKERS DANIEL FLUSKEY HEAD OF POLICY AND RESEARCH, INSTITUTE OF FUNDRAISING GERALD OPPENHEIM HEAD OF POLICY AND COMMUNICATIONS, FUNDRAISING REGULATOR Dinner sponsors: Media partner: Headline sponsor: Lead sponsor: Digital partner:

Recomendados

Charity Regulation Conference | NCVO
Charity Regulation Conference | NCVOCharity Regulation Conference | NCVO
Charity Regulation Conference | NCVONCVO - National Council for Voluntary Organisations
 
Enterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeEnterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeIron Mountain
 
Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...
Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...
Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...DATUM LLC
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...DATUM LLC
 
Miranda Marcus – Data and ethics
Miranda Marcus – Data and ethicsMiranda Marcus – Data and ethics
Miranda Marcus – Data and ethicsNEXTConference
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or SwimGuy Griffiths
 
Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Iron Mountain
 

Recomendados

Charity Regulation Conference | NCVO
Charity Regulation Conference | NCVOCharity Regulation Conference | NCVO
Charity Regulation Conference | NCVONCVO - National Council for Voluntary Organisations
 
Enterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeEnterprise Discovery: Taking Control, Driving Change
Enterprise Discovery: Taking Control, Driving ChangeIron Mountain
 
Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...
Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...
Data Discovery & Search: Making it an Integral Part of Analytics, Compliance ...DATUM LLC
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...DATUM LLC
 
Miranda Marcus – Data and ethics
Miranda Marcus – Data and ethicsMiranda Marcus – Data and ethics
Miranda Marcus – Data and ethicsNEXTConference
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or SwimGuy Griffiths
 
Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Build Your Foundation: Strategies and Tools for Managing Retention and Person...
Build Your Foundation: Strategies and Tools for Managing Retention and Person...Iron Mountain
 
Bridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and RetentionBridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and RetentionInfoGoTo
 
5 Steps to Prepare for Digital Transformation & Real-Time Analytics
5 Steps to Prepare for Digital Transformation & Real-Time Analytics 5 Steps to Prepare for Digital Transformation & Real-Time Analytics
5 Steps to Prepare for Digital Transformation & Real-Time Analytics DATUM LLC
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Delphix
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPRData Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPRRotary International
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR readyPremier EPOS
 
How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy ProgramDaniel Ayala
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedStewart Norriss
 
Jisc GDPR conference
Jisc GDPR conferenceJisc GDPR conference
Jisc GDPR conferenceJisc
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliantSiddharth Ram Dinesh
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteSilverTech
 
Enterprise Data World 2018
Enterprise Data World 2018Enterprise Data World 2018
Enterprise Data World 2018jadams6
 
GDPR Affects Email Worldwide
GDPR Affects Email WorldwideGDPR Affects Email Worldwide
GDPR Affects Email WorldwideSparkPost
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?Martin Hawksey
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshellMatthew Butler
 
GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?Samuel Pouyt
 
What does GDPR mean for your charity?
What does GDPR mean for your charity?What does GDPR mean for your charity?
What does GDPR mean for your charity?NCVO - National Council for Voluntary Organisations
 
Gdpr the imo guide draft 2
Gdpr the imo guide draft 2Gdpr the imo guide draft 2
Gdpr the imo guide draft 2Imogen Bertin
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckKyle Davies
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentationIain Wicks MCIPR
 
GDPR Briefing for marketers
GDPR Briefing for marketersGDPR Briefing for marketers
GDPR Briefing for marketersSmart Insights
 

Mais conteúdo relacionado

Mais procurados

Bridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and RetentionBridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and RetentionInfoGoTo
 
5 Steps to Prepare for Digital Transformation & Real-Time Analytics
5 Steps to Prepare for Digital Transformation & Real-Time Analytics 5 Steps to Prepare for Digital Transformation & Real-Time Analytics
5 Steps to Prepare for Digital Transformation & Real-Time Analytics DATUM LLC
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Delphix
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPRData Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPRRotary International
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR readyPremier EPOS
 
How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy ProgramDaniel Ayala
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedStewart Norriss
 
Jisc GDPR conference
Jisc GDPR conferenceJisc GDPR conference
Jisc GDPR conferenceJisc
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliantSiddharth Ram Dinesh
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteSilverTech
 
Enterprise Data World 2018
Enterprise Data World 2018Enterprise Data World 2018
Enterprise Data World 2018jadams6
 
GDPR Affects Email Worldwide
GDPR Affects Email WorldwideGDPR Affects Email Worldwide
GDPR Affects Email WorldwideSparkPost
 
GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?Samuel Pouyt
 
Gdpr the imo guide draft 2
Gdpr the imo guide draft 2Gdpr the imo guide draft 2
Gdpr the imo guide draft 2Imogen Bertin
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckKyle Davies
 

Mais procurados (20)

Bridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and RetentionBridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and Retention
 
5 Steps to Prepare for Digital Transformation & Real-Time Analytics
5 Steps to Prepare for Digital Transformation & Real-Time Analytics 5 Steps to Prepare for Digital Transformation & Real-Time Analytics
5 Steps to Prepare for Digital Transformation & Real-Time Analytics
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc Michaels
 
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPRData Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR ready
 
How to Build a Privacy Program
How to Build a Privacy ProgramHow to Build a Privacy Program
How to Build a Privacy Program
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data Shed
 
Jisc GDPR conference
Jisc GDPR conferenceJisc GDPR conference
Jisc GDPR conference
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliant
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
 
Enterprise Data World 2018
Enterprise Data World 2018Enterprise Data World 2018
Enterprise Data World 2018
 
GDPR Affects Email Worldwide
GDPR Affects Email WorldwideGDPR Affects Email Worldwide
GDPR Affects Email Worldwide
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshell
 
GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?
 
What does GDPR mean for your charity?
What does GDPR mean for your charity?What does GDPR mean for your charity?
What does GDPR mean for your charity?
 
Gdpr the imo guide draft 2
Gdpr the imo guide draft 2Gdpr the imo guide draft 2
Gdpr the imo guide draft 2
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide Deck
 

Semelhante a B2: Fundraising in an age of GDPR

GDPR Briefing for marketers
GDPR Briefing for marketersGDPR Briefing for marketers
GDPR Briefing for marketersSmart Insights
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...CharityComms
 
Public sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, ExeterPublic sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, ExeterBrowne Jacobson LLP
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Lauren Isaacs
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareWinston & Strawn LLP
 
How will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongHow will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongLouise Owens
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burdenIRIS
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leadersDeeson
 
EU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator SeminarEU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator SeminarSpotler
 
The Start-Up’s Guide to Privacy - MaRS Best Practices
The Start-Up’s Guide to Privacy - MaRS Best PracticesThe Start-Up’s Guide to Privacy - MaRS Best Practices
The Start-Up’s Guide to Privacy - MaRS Best PracticesMaRS Discovery District
 
GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketingSpotler
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUser Vision
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesStephen Denning
 
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18Fife Centre for Equalities
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
 
GDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptxGDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptxTimBee1
 
DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013Rachel Aldighieri
 

Semelhante a B2: Fundraising in an age of GDPR (20)

Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
GDPR Briefing for marketers
GDPR Briefing for marketersGDPR Briefing for marketers
GDPR Briefing for marketers
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
 
Public sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, ExeterPublic sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, Exeter
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To Prepare
 
How will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongHow will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett Long
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burden
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leaders
 
EU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator SeminarEU GDPR Changes: What do you need to know? - CommuniGator Seminar
EU GDPR Changes: What do you need to know? - CommuniGator Seminar
 
A2: Getting ready for GDPR (with only one month to go)
A2: Getting ready for GDPR (with only one month to go)A2: Getting ready for GDPR (with only one month to go)
A2: Getting ready for GDPR (with only one month to go)
 
The Start-Up’s Guide to Privacy - MaRS Best Practices
The Start-Up’s Guide to Privacy - MaRS Best PracticesThe Start-Up’s Guide to Privacy - MaRS Best Practices
The Start-Up’s Guide to Privacy - MaRS Best Practices
 
GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketing
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital Experiences
 
UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital Experiences
 
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
 
GDPR Presentation
GDPR PresentationGDPR Presentation
GDPR Presentation
 
GDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptxGDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptx
 
DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013DMA - DPC Workshop - 23 October 2013
DMA - DPC Workshop - 23 October 2013
 

Mais de NCVO - National Council for Voluntary Organisations

Mais de NCVO - National Council for Voluntary Organisations (20)

AGM 2022: Vision for Volunteering
AGM 2022: Vision for VolunteeringAGM 2022: Vision for Volunteering
AGM 2022: Vision for Volunteering
 
AGM 2022: Building networks
AGM 2022: Building networksAGM 2022: Building networks
AGM 2022: Building networks
 
AGM 2022: Membership
AGM 2022: MembershipAGM 2022: Membership
AGM 2022: Membership
 
AGM 2022: Time Well Spent
AGM 2022: Time Well SpentAGM 2022: Time Well Spent
AGM 2022: Time Well Spent
 
AGM 2022: Undertaking a governace review
AGM 2022: Undertaking a governace reviewAGM 2022: Undertaking a governace review
AGM 2022: Undertaking a governace review
 
National Volunteering Forum: Engaging volunteers and paid staff
National Volunteering Forum: Engaging volunteers and paid staffNational Volunteering Forum: Engaging volunteers and paid staff
National Volunteering Forum: Engaging volunteers and paid staff
 
Improving organisational resilience: What trustees need to consider
Improving organisational resilience: What trustees need to considerImproving organisational resilience: What trustees need to consider
Improving organisational resilience: What trustees need to consider
 
NCVO webinar: An update on changes to the Charity Governance Code
NCVO webinar: An update on changes to the Charity Governance CodeNCVO webinar: An update on changes to the Charity Governance Code
NCVO webinar: An update on changes to the Charity Governance Code
 
Undertaking a governance effectiveness review
Undertaking a governance effectiveness reviewUndertaking a governance effectiveness review
Undertaking a governance effectiveness review
 
NCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentialsNCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentials
 
NCVO/Zurich webinar: Safeguarding through covid-19 and beyond
NCVO/Zurich webinar: Safeguarding through covid-19 and beyondNCVO/Zurich webinar: Safeguarding through covid-19 and beyond
NCVO/Zurich webinar: Safeguarding through covid-19 and beyond
 
Decision making in a crisis: Collaboration and merger
Decision making in a crisis: Collaboration and mergerDecision making in a crisis: Collaboration and merger
Decision making in a crisis: Collaboration and merger
 
Easing of lockdown practical considerations for managing and support staff
Easing of lockdown practical considerations for managing and support staffEasing of lockdown practical considerations for managing and support staff
Easing of lockdown practical considerations for managing and support staff
 
How to manage operational change in a time of uncertainty
How to manage operational change in a time of uncertaintyHow to manage operational change in a time of uncertainty
How to manage operational change in a time of uncertainty
 
Easing of lockdown – practical considerations for managing and supporting staff
Easing of lockdown – practical considerations for managing and supporting staffEasing of lockdown – practical considerations for managing and supporting staff
Easing of lockdown – practical considerations for managing and supporting staff
 
NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...
NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...
NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...
 
NCVO webinar: UK Civil Society Almanac 2020: What the latest data tells us
NCVO webinar: UK Civil Society Almanac 2020: What the latest data tells usNCVO webinar: UK Civil Society Almanac 2020: What the latest data tells us
NCVO webinar: UK Civil Society Almanac 2020: What the latest data tells us
 
NCVO Webinar: Legal and practical considerations for returning to work
NCVO Webinar: Legal and practical considerations for returning to workNCVO Webinar: Legal and practical considerations for returning to work
NCVO Webinar: Legal and practical considerations for returning to work
 
NCVO Webinar: Board Leadership: Supporting your charity through the next phas...
NCVO Webinar: Board Leadership: Supporting your charity through the next phas...NCVO Webinar: Board Leadership: Supporting your charity through the next phas...
NCVO Webinar: Board Leadership: Supporting your charity through the next phas...
 
NCVO/CFG Webinar: Financial management and accessing government funding combi...
NCVO/CFG Webinar: Financial management and accessing government funding combi...NCVO/CFG Webinar: Financial management and accessing government funding combi...
NCVO/CFG Webinar: Financial management and accessing government funding combi...
 

Último

The NAP process & South-South peer learning
The NAP process & South-South peer learningThe NAP process & South-South peer learning
The NAP process & South-South peer learningNAP Global Network
 
74th Amendment of India PPT by Piyush(IC).pptx
74th Amendment of India PPT by Piyush(IC).pptx74th Amendment of India PPT by Piyush(IC).pptx
74th Amendment of India PPT by Piyush(IC).pptxpiyushsinghrajput913
 
Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019Partito democratico
 
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdfPeace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdfNAP Global Network
 
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899Cara Menggugurkan Kandungan 087776558899
 
Make a difference in a girl's life by donating to her education!
Make a difference in a girl's life by donating to her education!Make a difference in a girl's life by donating to her education!
Make a difference in a girl's life by donating to her education!SERUDS INDIA
 
3 May, Journalism in the face of the Environmental Crisis.
3 May, Journalism in the face of the Environmental Crisis.3 May, Journalism in the face of the Environmental Crisis.
3 May, Journalism in the face of the Environmental Crisis.Christina Parmionova
 
World Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterWorld Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterChristina Parmionova
 
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...gajnagarg
 
2024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 312024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 31JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30JSchaus & Associates
 
Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...
Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...
Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...kumargunjan9515
 
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...kajalverma014
 
31st World Press Freedom Day Conference in Santiago.
31st World Press Freedom Day Conference in Santiago.31st World Press Freedom Day Conference in Santiago.
31st World Press Freedom Day Conference in Santiago.Christina Parmionova
 
1935 CONSTITUTION REPORT IN RIPH FINALLS
1935 CONSTITUTION REPORT IN RIPH FINALLS1935 CONSTITUTION REPORT IN RIPH FINALLS
1935 CONSTITUTION REPORT IN RIPH FINALLSarandianics
 
Competitive Advantage slide deck___.pptx
Competitive Advantage slide deck___.pptxCompetitive Advantage slide deck___.pptx
Competitive Advantage slide deck___.pptxScottMeyers35
 
unang digmaang pandaigdig tagalog version
unang digmaang pandaigdig tagalog versionunang digmaang pandaigdig tagalog version
unang digmaang pandaigdig tagalog versionGLADYSNUEVO1
 
Call Girls Mehsana / 8250092165 Genuine Call girls with real Photos and Number
Call Girls Mehsana / 8250092165 Genuine Call girls with real Photos and NumberCall Girls Mehsana / 8250092165 Genuine Call girls with real Photos and Number
Call Girls Mehsana / 8250092165 Genuine Call girls with real Photos and NumberSareena Khatun
 

Último (20)

The NAP process & South-South peer learning
The NAP process & South-South peer learningThe NAP process & South-South peer learning
The NAP process & South-South peer learning
 
74th Amendment of India PPT by Piyush(IC).pptx
74th Amendment of India PPT by Piyush(IC).pptx74th Amendment of India PPT by Piyush(IC).pptx
74th Amendment of India PPT by Piyush(IC).pptx
 
Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019
 
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdfPeace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
 
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
Cara Gugurkan Pembuahan Secara Alami Dan Cepat ABORSI KANDUNGAN 087776558899
 
tOld settlement register shouldnotaffect BTR
tOld settlement register shouldnotaffect BTRtOld settlement register shouldnotaffect BTR
tOld settlement register shouldnotaffect BTR
 
Make a difference in a girl's life by donating to her education!
Make a difference in a girl's life by donating to her education!Make a difference in a girl's life by donating to her education!
Make a difference in a girl's life by donating to her education!
 
3 May, Journalism in the face of the Environmental Crisis.
3 May, Journalism in the face of the Environmental Crisis.3 May, Journalism in the face of the Environmental Crisis.
3 May, Journalism in the face of the Environmental Crisis.
 
World Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - PosterWorld Press Freedom Day 2024; May 3rd - Poster
World Press Freedom Day 2024; May 3rd - Poster
 
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Haldia [ 7014168258 ] Call Me For Genuine Models We...
 
2024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 312024: The FAR, Federal Acquisition Regulations, Part 31
2024: The FAR, Federal Acquisition Regulations, Part 31
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30
 
Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...
Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...
Dating Call Girls inBaloda Bazar Bhatapara 9332606886Call Girls Advance Cash...
 
Sustainability by Design: Assessment Tool for Just Energy Transition Plans
Sustainability by Design: Assessment Tool for Just Energy Transition PlansSustainability by Design: Assessment Tool for Just Energy Transition Plans
Sustainability by Design: Assessment Tool for Just Energy Transition Plans
 
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
 
31st World Press Freedom Day Conference in Santiago.
31st World Press Freedom Day Conference in Santiago.31st World Press Freedom Day Conference in Santiago.
31st World Press Freedom Day Conference in Santiago.
 
1935 CONSTITUTION REPORT IN RIPH FINALLS
1935 CONSTITUTION REPORT IN RIPH FINALLS1935 CONSTITUTION REPORT IN RIPH FINALLS
1935 CONSTITUTION REPORT IN RIPH FINALLS
 
Competitive Advantage slide deck___.pptx
Competitive Advantage slide deck___.pptxCompetitive Advantage slide deck___.pptx
Competitive Advantage slide deck___.pptx
 
unang digmaang pandaigdig tagalog version
unang digmaang pandaigdig tagalog versionunang digmaang pandaigdig tagalog version
unang digmaang pandaigdig tagalog version
 
Call Girls Mehsana / 8250092165 Genuine Call girls with real Photos and Number
Call Girls Mehsana / 8250092165 Genuine Call girls with real Photos and NumberCall Girls Mehsana / 8250092165 Genuine Call girls with real Photos and Number
Call Girls Mehsana / 8250092165 Genuine Call girls with real Photos and Number
 

B2: Fundraising in an age of GDPR

  • 1. FUNDRAISING IN AN AGE OF GDPR SPEAKERS DANIEL FLUSKEY HEAD OF POLICY AND RESEARCH, INSTITUTE OF FUNDRAISING GERALD OPPENHEIM HEAD OF POLICY AND COMMUNICATIONS, FUNDRAISING REGULATOR Dinner sponsors: Media partner: Headline sponsor: Lead sponsor: Digital partner:
  • 2. Fundraising in age of GDPR Gerald Oppenheim, Head of Policy and Communications, Fundraising Regulator NCVO Conference 16 April 2018
  • 3. • GDPR comes into effect on 25th May 2018 • Government legislating to ensure GDPR passes into law before UK leaves European Union • New rules strengthen the rights of individuals over their personal data • Charities must:  Show they have a lawful bases to process personal data  Recognise and act on the rights of individuals under GDPR  Have adequate decision-making, monitoring and reporting processes in the organisation In brief
  • 4. Information/data which relate to a living individual who can be identified directly or indirectly by reference to: a) an identifier such as a name, an identification number, location data or an online identifier, or b) one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual. What is personal data?
  • 5. • Consent: You can evidence a positive indication from the individual to say they are happy for you to use their data in a particular way. • A public task: if you need to process personal data to carry out your official functions or a task in the public interest – and you have a legal basis for the processing under UK law – you can. • A contract with the individual: eg. to supply goods or services they requested, or fulfil your obligations under an employment contract. • Legitimate interests: you can process personal data without consent if you have a genuine and legitimate reason (including direct marketing), unless this is overridden by the individual’s rights and interests. • Compliance with a legal obligation: if you are required by UK or EU law to process the data for a particular purpose, you can. • Vital interests: you can process personal data if it’s necessary to protect someone’s life. This could be the life of the data subject or someone else The 6 lawful bases for processing someone’s personal data: consent and legitimate interest
  • 6. Consent must: • Be given through a clear affirmative action from the individual. • Give granular options to consent separately to different types of processing (you may combine some of your processing purposes if you can show they are sufficiently similar). • Be separate from other terms and conditions and not be a precondition of signing up to a service (unless necessary for that service). • Name the organisation and any third parties which will be relying on the consent. • Inform individuals about their right to remove consent at any time and offer easy ways to opt out in subsequent communications. • Be recorded in a format which enables the organisation to evidence who consented, when they consented, how they consented, and what they were told. • Be kept under review, and refreshed if anything changes. Consent: a “freely given, specific, informed and unambiguous indication of the individual’s wishes”
  • 7. Where legitimate interest is your basis for processing, you need to: • Conduct a legitimate interest assessment:  Purpose test: are you pursuing a legitimate interest?  Necessity test: is the processing necessary for that purpose?  Balancing test: do the individual’s interests override the legitimate interest? • Let the individual concerned know that you are processing their data and for what purpose (usually through a privacy notice). • Offer them the opportunity to opt out if they wish to do so. • Keep it under review and repeat the legitimate interest assessment if anything changes. Legitimate interest:
  • 8. Consent is likely to be most appropriate where: • you can offer people genuine choice and control over how you use their data, and want to build their trust and engagement Legitimate Interest is likely to be most appropriate where: • you use people’s data in ways they would reasonably expect and which have a minimal privacy impact. When is each appropriate?
  • 9. • Following consultation (Oct – Dec 2017), we have:  made the rules on data protection more accessible  ensured consistent terminology between Code & GDPR  removed or replaced Code where inconsistent with GDPR  added and expanded definitions for key terms  increased signposting to existing ICO and FR guidance • Published in February (Comes into effect May 2018) Updating data protection in the code of Fundraising Practice
  • 10. A few caveats… • Awaiting Data Protection Bill and in 2019 or 2020 PECR changes in the E Privacy draft directive. • Further ICO guidance expected on use of legitimate interest and consent. However… • ICO advice to charities is to get ready as draft guidance will not change much. • ICO have reviewed the revised Code and support it. Caveats are flagged where applicable. • Working with IoF, NCVO, charities and third parties on compliance issues. • Close relationship with ICO, Charity Commission, other regulators Data protection: next steps
  • 11. Guidance on GDPR February 2017: Personal Information & Fundraising - guidance and toolkit • Developed with Protecture – data protection advisers. • Defining a Direct Marketing approach under GDPR. October 2017: GDPR resource library • Compiles key guidance and resources from a range of bodies. February 2018: Guidance with Institute of Fundraising • New 6 part "bitesize" GDPR guidance for fundraisers. • Identifies ways that personal data is used in 4 fundraising methods (community, trust, corporate and legacy fundraising). • Addresses key GDPR questions received from charities.
  • 12. • Ongoing journey rather than a race ending on 25 May. • No surprises - much of the GDPR builds on existing DPA 1998. • Bigger fines possible for non-compliance, but ICO will use those powers “proportionately and judiciously” and “as a last resort”. • Lots of guidance and support out there. • “Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action.” Information Commissioner GDPR in summary – no reason to panic…
  • 13. DISCUSSION: GDPR AND FUNDRAISING: WHAT’S ON YOUR MIND? Dinner sponsors: Media partner: Headline sponsor: Lead sponsor: Digital partner:
  • 14. Excellent fundraising for a better world Fundraising in an age of GDPR Daniel Fluskey Head of Policy and External Affairs
  • 15. Excellent fundraising for a better world GDPR Rules and compliance Culture and best practice Governance and leadership Donors and supporters
  • 16. Trying to answer three questions at the same time How do charities make sure they’re properly following data protection law (GDPR and PECR)? Should charities be held to the same standards as businesses and other sectors, or should they be held to different/higher standards? How SHOULD charites be fundraising in a way that raises money, improves the experience for supporters & the public, and brings long- term sustainability? Excellent fundraising for a better world
  • 17. Trying to answer three questions at the same time How do charities make sure they’re properly following data protection law (GDPR and PECR)? LEGAL COMPLIANCE Should charities be held to the same standards as businesses and other sectors, or should they be held to different/higher standards? FUNDRAISING REGULATION How SHOULD charites be fundraising in a way that raises money, improves the experience for supporters & the public, and brings long- term sustainability? EXCELLENT FUNDRAISING Excellent fundraising for a better world
  • 18. Excellent fundraising for a better world Legal requirements Charity’s values/ethical approach/ excellence Code of Fundraising Practice
  • 19. Excellent fundraising for a better world
  • 21. Opt in or opt out? (consent or legitimate interest?) Excellent fundraising for a better world 1. First off, check the rules and review the guidance. Consent is required for email and SMS. Consent or legitimate interest can be used for post or telephone (non-TPS). Do you know what each requires and how to do them fairly and lawfully? 2. Understand your options, scenario plan, budget and assess Should be a strategic and informed decision – not just fundraising Decide what’s right for your charity – a fully ‘opt in’ approach might not be best for all 3. Whichever way you go, make sure you do it right! And don’t just think about it as a ‘compliance’ question, what’s going to raise you money and give supporters a great experience?
  • 22. What the rules can’t tell you… Excellent fundraising for a better world • How often to contact a supporter? • Whether to use consent or legitimate interest? (for non-electronic marketing!) • How long to keep donor records for? • How long does consent or your legitimate interest last? • The exact wording to use in your privacy policy and in fundraising communications
  • 23. Five things to think about – for organisations 1. Accountability and governance. Not enough to ‘be compliant’. Need to be able to demonstrate that you are. How are you going to do that? 2. Make the right decisions for your charity (consent or legitimate interest?) 3. How will you be talking to supporters, providing information and giving them choices? (in a way that sounds human and engaging!) 4. Getting a joined up approach across your organisation – not just a fundraising issue! 5. However much guidance is out there – some things are up to YOU Excellent fundraising for a better world
  • 24. Some resources to help Excellent fundraising for a better world
  • 25. FUNDRAISING IN AN AGE OF GDPR SPEAKERS DANIEL FLUSKEY HEAD OF POLICY AND RESEARCH, INSTITUTE OF FUNDRAISING GERALD OPPENHEIM HEAD OF POLICY AND COMMUNICATIONS, FUNDRAISING REGULATOR Dinner sponsors: Media partner: Headline sponsor: Lead sponsor: Digital partner: