As a nonprofit organization, it's incredibly important that you respect your donors' privacy. You likely have access to large amounts of personal information on your constituents, and those constituents are trusting that their personal information is for your eyes only (FYEO).
Over the last month or so, you've probably been barraged with emails about the new General Data Protection Regulation (GDPR), which went into effect today. If you haven't received these emails, there's either something wrong with your inbox or you haven't subscribed to anything, ever. GDPR is a regulation in European Union law on data protection and privacy for anyone in the EU; it also addresses the export of personal data outside the EU. It sets guidelines and standards for collecting, storing and processing the personal information of individuals within the EU.
So, if you're a U.S.-based nonprofit, what does this mean for you? As a nonprofit, you manage copious amounts of data, including data from volunteers, employees and trustees. You may also provide services to beneficiaries and serve as a fundraising organization, which means you collect, process and control information and data.
Classy explains it perfectly:
"In order for your nonprofit to be compliant, you must be transparent and meticulous when it comes to the collection and processing of personal data. This applies to the data of employees, volunteers, donors, supporters—anyone from whom your nonprofit collects personal data. Organizations must have a written policy and procedure for how they handle personal data and abide by the privacy principles."
The Institute of Fundraising put together a guide to help nonprofit organizations ensure that they remain compliant with GDPR. And while your nonprofit can still process personal data, it has to be done in a way that is in agreement with GDPR. The six bases for processing data, as written by the Institute of Fundraising, are:
This may all seem complicated and confusing, but there are steps that you can take to make sure that your team is up to speed and that your donors feel their data is protected.
As always, we encourage you to seek legal assistance with any questions you may have regarding GDPR and other government regulations, as these are only tips and tricks. There are many resources available to help you make sure that your team is prepared for the data privacy changes taking place.