Working in charity fundraising is unique. When supporters give us their details, they aren’t buying something they need, they are being offered the opportunity to make a difference to those in need or the world around them. So if they choose to donate, it’s critical that they can have absolute trust and faith that their details will be used properly.
We engage with a large number of supporters across a range of causes each year and ensuring we are ready for General Data Protection Regulation (GDPR) has been no mean feat. Still, there has been no drastic shift in our top line approach; which reinforces the security and privacy of supporters’ details.
But it has given us a great opportunity to look in depth at how we handle data at all levels of the organisation, to unify our approach, simplify procedures, and to remind everyone here at HOME of their responsibilities towards any data we hold. These are the main changes we have made.
Introducing digital data processing
Until recently, the supporters that we recruited signed up by hand to donate to the charity of their choice, completing paper-based Direct Debit forms. While that may sound outdated, the fact is that digital payments and tablets are still relatively new to many of the supporters that our fundraisers encounter on a daily basis. In other words, many people were more comfortable with a paper-based form and it was quick and easy to complete.
Donors’ perceptions however have shifted markedly over the last year or so and their approach to electronic devices is really very different. So, having carried out a successful trial, GDPR has been a timely accelerant for us to move to a digital system.
The scale of our operation meant that we needed a reliable digital platform to support hundreds of teams working in the field each day, so we partnered with Ideal Host, who have been operating within the sector since 2007; their industry leading solution is geared up to react quickly and efficiently and allows us to meet the changing needs of our operation and of our client base.
We’re now in the final stages of rolling out digital processing across all of HOME’s 16 regions. The main advantages of this are that – with inbuilt data validation processes and encryption – we can further improve accuracy, security and efficiency, also making substantial time savings.
Cutting back on data
It is easy enough to build up large swathes of data and can be tempting to hold on to files and spreadsheets that just might be needed in the future. But one of the most important steps we have taken is to reduce the amount of data we hold and the length of time we keep contact information on file.
This has led us to make the decision to shorten our donor data retention policy from 5 years to 6 months after the end of campaign review. Any information we retain beyond this timeframe is anonymised, enabling us to continue producing client reports and analysing trends, but without holding any personal data longer than necessary.
A cleaner, clearer approach to data processing is what we’re after, and while we are still in the throes of transition, this is already notably easier to manage. The advantage of course of holding data for a short period of time is that it is less likely to become outdated and that we can continue to manage and maintain a smaller data set.
Consent for future contact
When our fundraisers go out on the doorstep, we find that both donors and the wider public respond well to requests for consent to future contact, providing that, with our charity partners’ help, we build a strong case for it. Gaining permission for consent has never been more important to charities than it is now, so we have increased our emphasis on consent for future content, enabling our charity partners to continue to use a variety of channels to engage and build relationships with their long-term supporters.
Supporting our people
With a large workforce, the challenge is to ensure that everyone understands how important information security is to us and their role within that, without making the process overly cumbersome or bureaucratic.
This means that, rather than having endless lengthy policies and procedures, we’re keeping it all as simple as possible, with a few core policies and guidance for how our people can implement them. We’ve introduced our own internal brand around data security and are holding a range of training procedures to help people put their knowledge into action. Our in-house Information Security Manager, is making regular visits to our regions to support each team and answer questions. And we’ll be working with third parties to ensure they are taking the same rigorous approach.
The way I see it, GDPR is not simply a matter of legislation, but an opportunity to thoroughly review our processes to ensure that the public’s information is always treated fairly and properly. As such, we’re excited about rolling out the final stages of our new data processes across the business in the coming weeks and we will continue to review what more we can do to further improve our approach.