As 2018 dawned, and May’s GDPR deadline approached, marketers were worried. Were we to be muffled? Our databases decimated? Were we witnessing the death of direct marketing and fundraising as we knew it?
The Third Sector Response
Many charities were late to take action and The Small Charities Coalition reported of some that had even closed over fears that it would be unable to meet the requirements of GDPR.
Notably, the British Red Cross, Rethink Mental Illness and Cancer Research and others, promised only opt-in communications. It was the RNLI though who most famously, and publicly, adopted this stance. And, 13 months later, after significant effort, its database had been re-built to 500,000.
How Charities Have Found GDPR
In October, NFP Synergy the charity research consultancy, summarised how GDPR had impacted:-
- GDPR has taken a lot of time, resource and energy
- Many believe it has been an opportunity to get their data-protection house in order
- GDPR does not seem to have improved charities’ relationships with stakeholders/beneficiaries
- Access to databases has shrunk, especially for phone
- Documenting suppliers and training staff top the list of difficulties and challenges
- There has been big variation on the basis of consent being used
It’s going to get tougher
By February 2019, 59,000 data breach notifications had been reported within the European Economic Area. Across all sectors 91 fines had been levied, with the largest being $57 million imposed on Google by France. Peter Milla, a data privacy expert, commented that, “The point here, is that this action indicates how seriously the EU intends to take its new privacy regulation and that we will see increasing GDPR fines.”
Donations are down
Overall charitable giving in the UK was down 4.7% in 2018, although mobile donations rose by 5.5.%. Some are quick to blame this fall on the regulations themselves however, Ian MacQuillin, director of the fundraising think tank Rogare, believes GDPR is less to blame than “the way that charities have badly interpreted and run with the legislation.” Ouch!
What’s the future for charity marketing?
While consent is a lawful basis of processing data under GDPR, its over-use can be taking “a sledgehammer to crack a nut”. Legitimate Interests is, as the ICO says itself, the most flexible basis. As long as charities are prepared to apply the requirements of the three-part “balancing test”, when it comes to direct mail at least, donors and supporters won’t be out of reach of our fundraising efforts.