GDPR + Technology + Data = Mission Success
by Dan Keyworth, Director for Customer Engagement – Education and Foundations
Blackbaud (International Markets Group)
GDPR, recent ICO fines, the Fundraising Regulator and the Fundraising Preference Service have collectively focused the attention of the non-profit community on compliance – to an extent not seen before. The purpose is clear: organisations must respect the ownership that individuals have over their own data. At the same time, it is essential that institutions can champion advancement and tie this information processing closely to their missions.
Technology and data play a key role as enablers of great relationships, by helping us to understand, to excite, to ask and to steward. This becomes even more relevant in the GDPR world. You understandably need to review your CRM databases and digital technology solutions to ensure you comply, and any changes inevitably involve work for the back-office.
The changing regulatory landscape is also creating lots of noise, some of it contradictory. To deliver a joined-up approach, Blackbaud is channelling its efforts into providing detailed, informed guidance in conjunction with CASE and other partners, through initiatives such as CASE’s GDPR technology workstream.
Recent introspection across the sector has prompted more of us to explain why our profession does what it does and how it supports the fulfilment of institutions’ missions. This self-analysis, though time-consuming, will serve us well in the future. And the impact that advancement can have over the coming decades remains truly inspiring.
Institutions’ priorities, their audiences and their paths along the advancement journey are diverse. So there is a need for our technology, and the data it holds, to be flexible enough to underpin a range of different approaches around opt -in and -out.
Alongside consent, it looks likely that legitimate interests (and performance of public tasks) will remain a strong ground for institutions processing personal data. Of course, this doesn’t diminish the importance of adhering to existing opt-in obligations under ePrivacy regulation for channels such as email and SMS.
Where legitimate interests are the legal basis, then it is still imperative that technology solutions help make it clear to individuals how their data is processed, and how they can opt-out of specific communications or activities. And for those who do pursue unambiguous opt-in consent, then we need to help make that journey successful.
In both cases, technology should ease the collecting or updating of alumni and supporters’ preferences, be that online, by post, verbally or via any other means. Recording such preferences and understanding changes over time should also be intuitive. Critically, technology should empower you to best utilise those preferences, not just to comply, but to deliver progressively relevant, personalised and engaging communications that reflect each person’s interests and passions, and help you serve your mission.
Three key aspects of good data management
Beyond consent and preference management, three further factors hold true for all CASE members, for which technology should play a role:
- To manage data effectively, we must share and adhere to clear and transparent Privacy Notices, covering each aspect of how data is processed. And, as part of that, saying not just what you do, but why you do it – and how this helps transform lives for individuals, communities and societies.
- Leadership teams must be part of this conversation: not only to be accountable for complying with the GDPR, but to understand sufficiently – if they don’t already – the mechanics of successful development and alumni relations and how that contributes to the vision.
- At any time, anyone can request to see a copy of the data held about them. Whilst providing this may occasionally surprise, if you feel comfortable with how you would explain that data to them, then you are a step forward.
Balancing risk vs outcomes
Ultimately, a balanced approach is key. Whether the least risky course of action is to collect consent is a decision for each institution to make. Such an assessment requires not only reviewing options for delivering compliance but also the impact of any changes on the ability of your advancement function to support your mission. No course of action is entirely risk-free. By analogy, one way to avoid food poisoning is to never eat anything, but that is not optimal!
Philanthropy is a wonderful thing. The SDGs ultimately find many of their answers in the outputs of educational institutions, and regulation is not intended to stifle the amazing outcomes which CASE members serve. Rather, it is aimed at driving the balanced protection of individuals and their data alongside your mission and delivering a better supporter experience overall.
It is yet to be seen whether change will centre around this aim. Technology enables security of data by design, and that is crucial and necessary. However, it can do far more.
GDPR presents new opportunities
This is a unique opportunity for the sector to revisit goals, and maximise the collective benefits for institutions, alumni and supporters. It is vital to articulate precisely how and why you are contacting alumni, researching prospects, engaging volunteers, inviting guests to events, and more. Being able to effectively tell this story and demonstrate impact will help you to reach greater fundraising goals and embed lifelong donor and alumni relationships.
We see alumni partnerships becoming increasingly central to institutional priorities, spurred by advancement. Alongside funding, alumni can enhance recruitment, social mobility, employability, industry and cultural engagement, research application, lifelong learning, governance, advocacy and – perhaps above all – boost reputations via word of mouth. Alumni are your largest constituency and best global ambassadors.
Likewise, we increasingly see the supporter experience touching all parts of institutions, aided by coordination. Philanthropy helps many students and staff members today, stirring new conversations and opportunities across campuses, through academics and other staff, within departments and colleges, and via volunteers beyond your walls. Backed by systems, your development office can be the conductor of this orchestra – ensuring the right notes are played and the experience augmented for everyone.
As the recent Ross-CASE survey showed, quality of relationships matter. Despite fewer alumni donors, overall giving to UK universities surpassed £1bn for the first time. There are mutual benefits to segmenting who you are contacting, based on why you are contacting them. Here, at least in the long-term, the GDPR and institutions’ missions can align: a careful, targeted and focused approach to engagement, underpinned by CRM, will enable achieving your goals whilst minimising the unwanted contact that any individual receives.
What you can expect from Blackbaud
When it comes to clearly understanding what we do with data, the regulatory landscape has undoubtedly raised the bar for Blackbaud and our customers alike. Your planning and execution needs to be crystal-clear organisationally, and the same is true for us.
At the end of June, we will publish our consent and preference management roadmap for the rest of 2017, detailing new feature development tailored to enable you to capture and evidence preferences and accommodate other data subject rights in accordance with the GDPR, FPS (where applicable) and ePrivacy regulation. Blackbaud product webinars in July will provide greater detail, and we will also publish companion information to CASE guidance, setting out how Blackbaud solutions can help you towards technology, data management and wider recommendations.
We recognise that advanced preparation for the GDPR is critical for operational continuity, and more broadly to thrive in support of your missions in the future advancement landscape, and all new features and solutions will be available in time to prepare for compliance.
The CASE Regulatory and Compliance Conference on 14 June and the subsequent guidance will be a great launchpad to support institutions along this journey, and Blackbaud is proud to be part of that. We will continue working closely with CASE Europe and other partners over the coming weeks and months to accompany you through the changing landscape and beyond.
Visit our GDPR hub for all Blackbaud updates on GDPR and FPS, including solution guides, videos and blogs.