
Ready for research-based fundraising? Here's how to keep it GDPR compliant
May 2021
Research-based fundraising is all the rage. More and more organisations are using it to boost their major gifts, online and corporate fundraising programmes. But if you rush into it without doing your preparation, you might just fall short on your data protection compliance. Here’s a reminder of how to remain GDPR compliant if you’re focusing on research-based major gift fundraising.
Undertake a Data Protection Impact Assessment (DPIA)
Undertaking a DPIA for your major gifts programme is a vital step to ensuring you understand the impact of your data processing. A DPIA is an assessment of the ways your organisation uses personal data for specific activities. It should describe the purpose for which you collect the data and look at information flows, e.g. how data will be obtained, used and retained. It should also identify the privacy risks and evaluate solutions to those risks. Once the recommended actions are agreed upon, they should be incorporated into the overall project plan. This will help you develop and implement research processes that are compliant with data protection requirements.
Get familiar with legitimate interest and document your rationale
There are six lawful grounds for processing data under GDPR. These are consent, contract, legal obligation, vital interests, public task and legitimate interest.
The ones we use most frequently when processing data for fundraising are consent, legitimate interest and occasionally contract. One is not better than the other, and all may be appropriate for use at different times. Most organisations use legitimate interest as grounds for processing their supporters’ data when doing research.
Undertaking a Legitimate Interest Assessment (LIA) enables you to verify that you do have a legitimate interest and that the processing you are doing is necessary. In completing your LIA, you will be able to show that you are taking into account the reasonable expectations of data subjects and the impact of the processing on individuals’ interests, rights, and freedoms. The balancing test of the LIA enables you to demonstrate that in exercising your legitimate interests you are not causing disproportionate impact on your supporters. You should document the outcome of this balancing test (and any mitigating steps).
Update your Privacy Notice
You should regularly review your privacy notice and make sure it covers all the ways you will be processing data, including any research you might be doing. If you need to update it, make sure you notify your supporters of any changes and give them the option to opt out of processing. After you’ve given them enough time to do this, you can start your prospect research.
With over 25 years of experience working with the not-for-profit sector, our team provides research, wealth screening, consultancy, regulatory compliance and training support to charities of all sizes, making fundraising more effective and successful.
We'll help you learn more about the people who support your cause, give you a detailed insight into your best prospects and identify new ones, whether they be wealthy individuals, grant-makers or institutional funders. Get in touch with us by email at info@prospectingforgold.co.uk or call us on 01491 577311.