So much has happened this week in terms of privacy rules and regulations!
If your inbox is anything like mine, it has been inundated and overflowing with businesses and organizations sending updated privacy policies, in order to comply with GDPR, which goes into effect today.
In this video, I briefly cover GDPR, what it is, and the implications for nonprofit marketers and fundraisers around the world, even if you aren’t located in the UK.
The Information Commissioner’s Office in the UK is the best resource for up-to-date info on GDPR.
The ICO is the UK’s independent authority, “set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.”
What is GDPR?
The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK.
It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill.
The GDPR sets out requirements for how businesses, companies, and nonprofits will need to handle “personal information” going forward, and it goes into effect today (May 25).
What qualifies as “personal information”?
The ICO lists “personal information” as the following:
- Email addresses
- IP addresses
- Identification numbers
- Biometric identifiers (fingerprints, iris patterns, DNA)
- Physical or physiological attributes
- Medical/health information
- Website cookies
To break it down in simple terms, the GDPR stipulates that a person must explicitly agree to be put on your promotional email list.
Just because they attended an event, made a donation, signed a petition, or downloaded a white paper – that is NOT enough to qualify as consent to email.
This also applies to your CURRENT email subscribers and database, not just future subscribers.
Hence all of those emails asking you to opt in again, and the widespread changes to privacy policies.
What the GDPR is not
In my research for this video, I kept finding articles that would terrify any well-meaning but small nonprofit who wants to comply with GDPR – fines of 10 million Euros, 2% of annual revenue, etc.
However, as the ICO has repeatedly said, this law is not about fines.
It’s about putting the consumer and citizen first.
Is it time to panic?
I am in the court of opinion that the GDPR is a good thing.
It is about putting consumers and citizens FIRST.
It means we will have more control over our information and personal data.
It also means that as marketers, we will spend less time shouting into the void at people who have no real interest in our work.
I completely agree with Seth Godin’s take on this (shocking, I know):
“Talk to people who want to be talked to.
Market to people who want to be marketed to.
Because anticipated, personal and relevant messages will always outperform spam.
And spam is in the eye of the recipient.”
What can nonprofits do?
Check with your legal counsel first and foremost!
There are a few other things that your nonprofit can do to ensure that you are compliant:
Ultimately, to be added to your email list, a person must specifically and affirmatively agree to be added to your list.
You may not automatically add them just because they downloaded a paper, attended a webinar, signed a petition, or even made a donation.
As always, we have to sell people on the value provided by being on our email list, and then get their consent. (This was a best practice way before GDPR.)
The new consent standard applies to your EXISTING list. As of today, you cannot email your existing contacts who live in the UK who have not given explicit consent.
The ICO recommends that “the information you supply about the processing of personal data must be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to a child; and
- free of charge.”
Don’t use legal jargon. Write in plain English that a fourth grader could understand.
Wired Impact suggests including the following pieces of information:
- What information are you collecting from visitors?
- Can this information be used to identify individuals or is it aggregated and anonymous?
- How will you use this information?
- Who will be able to access this information?
- Will you share this information with any other parties?
- How will you protect their information?
- How will you notify visitors of changes to your policies?
Resources for Writing Privacy Policies
Nonprofit example generously shared from Second Story (thanks Abigail!)
Of course, I am not a lawyer and I am not qualified to give out legal advice.
However, I am a passionate permission marketing evangelist.