Did you know that the General Data Protection Regulation (GDPR) law that covers residents of Europe can also affect your nonprofit in the United States? And, did you know that if you’re found not to have protected and followed those regulations, you can be fined as much as 4 percent of your entire revenue? Yes, even a nonprofit in the U.S.
In its simplest terms, the GDPR obligates any organization, anywhere, to protect the data of any resident of Europe, which includes everything from names and addresses to social media posts and even IP addresses.
So, how can you make sure to protect your donor data in today’s world?
Let’s look at the easiest things you can do!
- As noted above, the GDPR affects all personal data, so the number one thing you can do is to familiarize yourself with the law and assume that all of your information, and even your fundraising solicitations, can end up in the hands of someone who resides in Europe. If you solicit donations on social media, you never know who is going to see your appeals and make a donation. So, always work within the GDPR framework.
- European residents have the right to be forgotten, so you should make it a point to have a CRM system that is integrated for ease. The right to be forgotten means that any information any organization holds on them is subject to deletion. At any moment, any European resident can contact you in any form and request that you eliminate all of their information from your database. Having an integrated CRM system will help you remove people from all of your databases, including donor and financial records, easily.
- It’s essential to have written policies that are stringent and protect donor information. There’s a lot of great information on the internet that nonprofits can use to learn more about data protection. Some of those places include the National Council of Nonprofits and Know How Nonprofit. You can also ask corporate donors (and perhaps a grant) for their expertise in security. Corporations are a great resource of knowledge and could help you through their corporate social responsibility (CSR) programs.
- Give people an easy way to opt out, because they should always have the ability to opt out without having to reach out to you. A straightforward thing you can do for all of your emails and electronic communication is to have opt-out checkboxes or links. And, if someone has opted out, make sure to get them off your lists. Nonprofits have been known to call on people who have opted out, only to get themselves into an awkward situation with the donor and face possible sanctions from regulators.
- Make security a paramount part of your group, which means you should make it a point to transfer sensitive donor information by the most secure means possible. When you’re communicating with others, use end-to-end encryption tools and firewalls, and always make it a point to regularly change passwords, especially when team members have left your organization. If you have Excel files (and many nonprofits do) with donor information, get that information into a CRM, and if you must use Excel, protect the data with passwords.