Skip to content

Three ways to make your prospect research GDPR-compliant without slowing down fundraising

A checklist with a red checkmark to denote a completed task on a pastel blue background.

Data protection compliance might sound complex, but we can assure you it’s not. Once you get the basics down, compliance strengthens donor relationships, streamlines processes and makes fundraising more effective. From our 27 years of experience, here are three ways to ensure your research is GDPR-compliant without slowing down fundraising. 

Assess the impact of your current processes

A Data Protection Impact Assessment (DPIA) can help you understand how your major gift research impacts your supporters. This identifies high-risk areas, so you can amend your practices to be compliant with data protection requirements.

Charities usually rely on legitimate interest as the lawful basis for processing personal data for prospect research. To demonstrate you genuinely do have a legitimate interest in undertaking the activity, you are encouraged to undertake a Legitimate Interest Assessment (LIA) which includes a balancing test to ensure that your research won’t infringe the rights of the individuals that you are researching.

Put data minimisation at the heart of your research

One of the key principles of GDPR is data minimisation. This requires that you only collect and process the minimum amount of personal data necessary to achieve your specific purpose. This applies to wealth screening, prospect research and all fundraising activities. 

In addition to only collecting the data you need, your organisation must have appropriate measures in place to protect individuals’ data. These measures might include encryption, access controls and regular backups, and should be outlined in your data protection policy.

Shout about your privacy policy

Your privacy policy shouldn’t be a secret. It should be easily accessible to your supporters and clearly describe the ways you use personal data and the safeguards you have in place. This is your opportunity to communicate transparently with your supporters and show them you treat their data with respect. 

If your research processes change, you need to update your privacy policy and tell your supporters about the changes, giving them ample time to opt out of data processing. 

Your policy should contain: 

  • Details of the data controller (and data protection officer)
  • Purposes for which the data will be processed and the legal basis 
  • Explanation of the organisation’s legitimate interest 
  • Categories of personal data
  • Who it will be shared with
  • Countries where it may be transferred
  • How long will their data be kept 
  • Data subjects’ rights, including to withdraw consent to processing and the right to opt-out
  • Sources of personal data – using publicly accessible sources
  • Use of third parties
  • Any automated decision-making or profiling (different to prospect research)

To ensure your privacy notice is fit for purpose, ask someone outside of your organisation to read it and explain it back to you. If they can’t explain it, take another look and simplify it.

At Prospecting for Gold, we specialise in research, wealth screening, consultancy and regulatory compliance.

Research can help you expand your donor base and boost your fundraising. By understanding your supporters, you can personalise your approach, making your fundraising efforts more effective and efficient.

Successful major gift fundraising isn’t just about securing a donation. It’s about building relationships, understanding people’s motivations and aligning their interests with your cause. 

Ready for research-based fundraising? Get in touch with us today.