Is your charity making these three data protection mistakes?

Trust is essential when you’re building strong donor relationships, and data protection goes hand in hand with it. Despite this, many charities unknowingly make common data protection mistakes that could jeopardise their donor relationships.

Protecting your donors’ data isn’t just best-practice fundraising; it’s a key part of building long-term, sustainable relationships with your supporters. Using research and data to make informed asks is now the norm for major gift fundraisers, but as much as data opens doors, it also needs to be protected. Your donors need to know they can trust you with their personal information.

These are the top three research-related data protection mistakes we see charities make and how to avoid them.

Not telling your supporters about the research you’re doing

    It’s perfectly lawful to carry out research on your supporters – in fact, your high-profile ones expect it. It only poses a problem when you don’t tell your supporters what you are doing with their data and give them an opportunity to ask you not to process their data in this way.

    You can inform your supporters about how you are using their personal data, and in particular about any prospect research you do, in your privacy notice. Keep your supporters in the loop when you make any changes to your privacy notice and make sure it’s easy for them to opt out of any specific aspects of your processing.

    Not reviewing and documenting your legal basis for research

      To keep your research above board, you need ‘grounds for lawfully processing data’. There are six lawful grounds for processing data under GDPR:

      1. Consent
      2. Contract
      3. Legal obligation
      4. Vital interests
      5. Public task
      6. Legitimate interest

      The ones we use most frequently when processing data for fundraising are consent, legitimate interest, and occasionally contract. One is not better than the other and all may be appropriate for use at different times. Prospect research usually relies on legitimate interest. If you’re going to rely on legitimate interest, make sure you do a Legitimate Interest Assessment (LIA) which includes a balancing test to ensure that your research won’t infringe on the rights of the individuals you are researching. Document your rationale for relying on legitimate interest as you may need to refer to it later.

      An unclear privacy notice

      Your privacy notice may be the first point of contact a potential donor has with you. Use it to make a good impression and show that your organisation takes a privacy-by-design approach to handling their data. Make sure your privacy notice informs your supporters how their data might be processed in line with GDPR guidelines. It should be accessible via your website and on any sign-up forms or mailing lists that collect supporters’ data. When describing your research and wealth screening, make sure you cover the following points:

      • Why you do the research and the importance of it for your fundraising
      • The types of research you undertake, e.g. wealth screening, financial analysis
      • Your data sources, including a brief outline of any public information you use
      • Any use of third parties, possibly naming them and specifying the activities they undertake for you
      • Your legal basis for the activity, i.e. a summary of your legitimate interest
      • Details of how people can opt out of the processing

      Are you ready to learn more about getting data protection right for major gift fundraising? Join our free webinar on Thursday 27th of February, covering:

      • Major gifts, prospect research and regulation
      • The legal basis for your activities – how you can do prospect research and still comply with GDPR
      • Legitimate Interest – what does it mean and how to demonstrate it
      • Data Protection Impact Assessments – why, how and when
      • Fair processing information – getting it right
      • Using publicly accessible data sources
      • Applying this to wealth screening, desk research, due diligence
      • Data retention and minimisation

      Book your place.