The last few years have been a turbulent time for the charity sector and as a result, we’ve seen more organisations shift their focus to major donor fundraising. Delving into this arena means considering all the processes and systems required to work with your major donor prospects. In this article, Kerry Rock explores the link between data protection and best-practice major gift fundraising.
What is personal data?
Under the UK’s Data Protection Act 2018 and the General Data Protection Regulation ((EU) 2016/679) (GDPR), personal data is information relating to an identifiable person. Identifiers may include name, ID number, location data or an online identifier. GDPR applies to both automated personal data and manual filing systems – any type of data you may be handling. Particular categories of data are classified as special category personal data and require you to gain consent if you are handling them. The special categories of personal data cover:
- Race or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data (where used to identify individuals)
- Health
- Sex life or sexual orientation.
Special rules also apply to the processing of information around criminal offences. If special category data has been made public by the individual, you may be able to use it in the same way as other data but you must be careful. Even if a donor tells you something in a meeting that falls into a special category of data, you have to be very cautious about recording it and should seek consent, eg. by getting their agreement for your to record notes of the meeting.
Data protection principles for best-practice fundraising
Data protection is all about great relationship fundraising and treating people with respect. Taking this best-practice approach to data protection and fundraising:
- Puts data protection at the heart of relationship fundraising
- Takes a privacy-by-design approach to any process that involves data
- Doesn’t collect excessive data – you collect and retain the data you really need to do the job
- Builds confidence and trust with your supporters
Your lawful basis for processing personal data
Before starting any data processing for major gifts fundraising, remember:
- Data protection laws apply to all processing of personal data
- You need a ‘grounds for lawfully processing data’
- You need to tell people what you are doing with their data
There are six lawful grounds for processing data under GDPR, these are:
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interest
The ones we use most frequently when processing data for fundraising are consent, legitimate interest and occasionally contract. One is not better than the other and all may be appropriate for use at different times. Prospect research usually relies on legitimate interest.
We run free webinars on data protection – getting it right for major gift fundraising. These look at:
- Major gifts, prospect research and regulation
- The legal basis for your activities – how you can do prospect research and still comply with GDPR
- Legitimate Interest – what does it mean and how to demonstrate it
- Data Protection Impact Assessments – why, how and when
- Fair processing information – getting it right
- Using publicly accessible data sources
- Applying this to wealth screening, desk research, due diligence
- Data retention and minimisation.