Has GDPR Changed How You Work with Your Stakeholders?
With the CASE Europe Development Services Conference just concluding in Sheffield, and as we near the first six months post-GDPR, it seems an appropriate time to talk about something that continues to generate press: personal data. In this brief post, we'll take a quick look at the current state of play post-GDPR and ask how this is affecting fundraising.
Six months of GDPR
As GDPR went from approaching, to imminent, to current, how people interpreted the wording of the legislation appeared to change. Having attended multiple seminars on GDPR, it seemed that even the legal experts couldn't agree on exactly where lines would be drawn between compliance and a breach.
While everyone does seem to have agreed on the key fundamentals of GDPR, such as the end of soft-opt ins, data security and breach reporting requirements, interpretation beyond that still seems subjective.
If your inbox was anything like mine in spring, you'll have noticed countless emails informing you that unless you opted in again, you would be unsubscribed from the database and you would miss the chance to take advantage of all of those amazing offers and discounts. As the 25th May grew closer though, the messaging seemed to change to a much less dramatic "We have updated our privacy policy."
Six months later, the uncertainty around GDPR is clearly evident each time you visit a new website and are presented with the cookie policy. I've seen everything from faint bars at the bottom of the screen that inform you that the site uses cookies and lets you know that your continued browsing is accepting their policy, to whole-page overlays that offer a selection of buttons - all of which default to 'off' - that allow you to choose which cookies you want to accept.
When it comes to site privacy policies, these too have often become weighty tomes of small print that go into incredible detail on each cookie used, what it does, why it improves the user experience and where you can go to learn more about cookies and how to manage your preferences.
With this level of technical jargon, are we really empowering individuals to manage how their data is used or have we, by attempting to comply with GDPR, muddled what we were trying to make transparent?
Ultimately, it may well be that for the short-term, much of GDPR will remain subjective; I would not see that as failure on the part of GDPR, however. If GDPR has done anything, it has focused organisations on the importance of data collection, storage and use as a process and as an investment, and one that requires a set of best practices and appropriate oversight.
For many institutions, database numbers may well have dropped, or not be growing at the rate they previously had been. One key aspect of this is that existing targets for key performance indicators may have to be re-evaluated and communicated to stakeholders.
With the first set of graduations post-GDPR behind us, you may already be starting to get a feel for how your data capture is changing. I think there will be many of us interested in how metrics such as contactable alumni will change in future Ross-CASE reports and how this could affect donations.
While database numbers may have fallen, many organisations are seeing increased engagement with messaging. With many non-openers removed from email lists and new subscribers making a conscious decision to remain contactable, many sectors are seeing increased open and click through rates.
GDPR hopefully has allowed a greater focus on what really matters, people and in particular the people who did opt in to stay in touch with your organisation. We can spend too much time chasing down those we lost and forget about those who chose to stay.
With database quality improving, and the process of data collection, management and use becoming a larger investment, how is your team ensuring that it extracts the maximum value from this data and reducing the impact of GDPR on your fundraising activities?
Share your stories and comments on how things have changed, or not, for your organization post GDPR.