Published: 10 May 2018

GDPR is helping us put supporters first

Charities often set themselves up with different teams, directorates, departments. The fundraising team, marketing team, campaigns team, supporter engagement team, or volunteering team to name a few. Each one may have its own particular projects, activities, and communication with new and existing supporters.

Some charities do this very well, taking a holistic and supporter-focused approach that requires a clear strategy and a culture of cross-team working. However, for those that struggle to get there, GDPR can actually be helpful.

The GDPR – and the ICO – don’t care what team a mailing came from. They aren’t interested in whether it’s a newsletter talking about the impact of a charity’s work, information on the new campaign and how to sign up, or information on how someone could leave a legacy gift. For them, it’s all direct marketing.

So for GDPR, we need to be thinking about things from this single point of view – the communication from a charity to a supporter. Working out how and when we communicate with them, on different issues, is going to require a more joined-up way of working. It forces us to think differently, and as 25 May, the date when GDPR becomes effective, looms, there are other areas where we need to think differently too.

1. Yes, there are legal requirements, but that doesn’t mean you can’t communicate in an engaging way

It’s important supporters get the right information about how their data is going to be used and are provided with the appropriate choices. But that doesn’t mean we have to talk to supporters in legalese and jargon. We need to be inspiring them, leaving people keen to provide their contact details because they want to hear more.

Use plain English, make it easy for supporters, and reassure them about how their data will be used. Why would you say ‘data processing for direct marketing purposes’ to a supporter, when you can say ‘so you can hear more about the difference your donation will make and ways you can support us in the future?’

2. Give supporters choices and control – but not death by tick box

Supporters need to be in control. They should have choices about how and what they hear from you. However, be careful about how many choices you are giving people and how prescriptive you are in your approach. Do you really need to offer 25 tick boxes to ask for a preference on every area of your work? Probably not.

It’s likely to be off-putting to a supporter, and you might tie yourself in knots. You need to be giving people a clear and meaningful choice. For some charities, that might be more granular than others. Talk with different teams, review your CRM/admin system and think about how you’re actually going to be able to keep all of those preferences recorded (and then do so!).

3. Don’t follow the crowd – make the right decision for your charity and supporters

Your charity is unique – you have something specific in your cause and your beneficiaries. Your organisation will have something different to say and a vision of the impact you want to have in the world. So, when thinking about how you intend to use supporters’ data, you should do it in a way that works best for your charity and its supporters.

Different charities work differently – some have decided to ask for consent for all direct marketing. That’s fine, but is that the right thing for you? Will that decision help you achieve change in the world? Would legitimate interest be a better basis for processing data for you and your supporters? These (and others) are important questions to think about. GDPR does give you choices, it doesn’t rank options from best to worst, so it’s up to you to decide.

4. GDPR doesn’t always give you the answer you’re looking for

How long does consent last? When does your legitimate interest run out? How often can you contact a supporter? These are questions that GDPR doesn’t have a specific answer for. In many cases it sets out a goal, or objective, and then asks organisations to get to the answer themselves. In lots of places, the ball is in your court. GDPR won’t tell you when consent runs out, but each charity should have an idea (and a policy) of when it is no longer reasonable to contact a supporter. Charities have to do this thinking themselves and embed decisions across the organisation.

So, lots to do! And remember GDPR compliance doesn’t stop on 25 May, that’s just the start!. As we continue to ensure ongoing legal compliance, we need to always keep supporters at the heart of what we do – compliant fundraising isn’t enough, it has to be excellent too.

Find out more

Find out more about GDPR comms in this presentation by Daniel and Kavya from our future of engagement conference.

Is your charity GDPR ready? Resources from our seminar including videos of the speakers (exclusive to CharityComms members)

Case studies, photos and films can be personal data under GDPR too

Five ways to make sure your digital services comply with GDPR


Image: Pixabay


Daniel Fluskey, head of policy and external affairs, Institute of Fundraising

Daniel Fluskey is head of policy and external affairs at the Institute of Fundraising and leads the Institute's policy development and research work.