STAUPELL ANALYTICS GROUP - ANALYTICS EXPERTS FOR NONPROFITS, IMPROVING FUNDRAISING

Driven by Data Blog

Data Protection Law Changes in the EU and UK - Are You Ready for GDPR?

5/1/2018

By Greg Duke

Many of you in the nonprofit world have heard about GDPR (the General Data Protection Regulation) and its consequences for the protection of data for individuals in the European Union and the United Kingdom. There have been a lot of rumors and stories involving the consequences for American nonprofits which fail to protect their European-based alumni or donor constituents.

In this article, I will demystify GDPR and help point American database managers and others involved in the maintenance of data in the right direction to follow European and UK law.

GDPR is a European Union regulation which requires EU member nations and any businesses or organizations to preserve the digital rights of EU citizens and residents. In a nutshell, GDPR requires nations, businesses, and organizations to “process” the data of EU citizens and residents only when there is a “lawful basis” to do so. For most nonprofit organizations, the only lawful basis for data processing requires the EU subject to opt in by providing an affirmative consent. In other words, if a nonprofit—even one located in the United States or another non-EU country—wants to continue to use or even hold data on an EU citizen or resident, the nonprofit must obtain an affirmative assent from that citizen or resident, or potentially face consequences up to and including a heavy fine.

It is clear that the rules laid down by GDPR are very different from data policies commonly practiced in the United States. The GDPR grants EU citizens and residents both the right to dictate the use of their personal data and the “right to be forgotten.” From a practical standpoint, these rights give EU citizens and residents not only the right to forbid companies and organizations to use their data to make profits or raise money, but also the right to forbid the same companies and organizations to hold their data at all. A strict interpretation of GDPR suggests that unless an EU citizen or resident gives his or her express permission to use personal data—including age, phone number, address, and other biographical data—an organization, even one based outside of the EU, cannot hold that person’s data. In a word, that person must be “forgotten” by the organization.

I have been following GDPR and its potential effects on American nonprofits with great interest. In 2000, I was employed by St. Edmund Hall at Oxford University when the United Kingdom passed its own regulations on data protection in response to European Union directives. Those regulations—the Data Protection Acts of 1998 and 2002—have recently come back into the news, as they were cited by the UK Information Commissioner’s Office in the fining of two nonprofits who were judged to have mishandled their donors’ personal data. As the database manager at St. Edmund Hall, I drafted the college’s response to the Data Protection Acts and outlined a structure by which the college could comply with the Acts’ regulations. This structure was adopted by St. Edmund Hall and is still in use today.

In my experience with data protection regulations in the European Union and the United Kingdom, the text of the law may seem chilling, and the potential fines may seem dire, but compliance with the law can be achieved through careful diligence. I would urge all American nonprofits who have at least one alumnus or donor or even a database constituent who lives in the European Union (and in my experience that is nearly every American nonprofit) to familiarize themselves with the General Data Protection Regulation. The Wikipedia page on GDPR is actually a good start, as it provides a relatively concise description of the Regulation without recourse to political bias or further myth-making. The Wikipedia page also provides links to the GDPR documentation itself, and to the European Data Protection page which answers some basic questions about the regulation.

I would also urge American nonprofits to reach out to their European and British constituents as soon as possible to offer these constituents an opportunity to provide affirmative consent to allow their data to continue to be held and used in fundraising operations. From my reading of GDPR, this affirmative consent may be obtained either by mail or digitally, either online or by email (I would recommend against consent by phone, as the GDPR prefers written consent of the constituent). I would also recommend that American nonprofit data managers put into place a policy on how to remove data from their database and other electronic systems for constituents who either actively refuse to provide affirmative consent, or who fail to provide any form of consent.

There are still many questions to be answered about GDPR and its effects on American nonprofits. Namely, there are questions about how the GDPR’s “right to be forgotten” might clash with US regulations on student data and/or IRS regulations on keeping information on giving data. At Staupell, we will be monitoring these issues and I will be writing updates to this blog post as needed.

I am happy to give advice on any and all issues relating to GDPR and how American nonprofits can prepare for its consequences. I can be reached at greg@staupell.com.

3 Comments
DFK Missouri link
3/13/2021 08:30:21 pm

Thanks for the post

Sump Pump Installation Georgetown link
7/6/2022 11:27:59 pm

Hello mate, nice blog

Ronnie Hutchins link
1/11/2023 09:50:31 am

As they were cited by the UK Information Commissioner’s Office in the fining of two nonprofits who were judged to have mishandled their donors’ personal data. I’m so thankful for your helpful post!

    Authors

    Marianne Pelletier has more than 30 years of experience in fundraising, with the majority in prospect research and prospecting.

    Greg Duke helps Raiser’s Edge clients to optimize their database by implementing data clean-up techniques and creating reporting structures, including dashboards and SQL queries.  He also facilitates data imports into Raiser’s Edge and database administration.

© COPYRIGHT 2023 Staupell Analytics Group. ALL RIGHTS RESERVED.