*This blog post is for informational purposes only and is not intended to be legal advice. Please consult your legal counsel with any specific question or to determine how GDPR may impact your organization or business.
When we talk about “transparency” in the nonprofit world, we’re often engaged in conversation about the mission, or the impact and distribution of fundraising dollars. But today, perhaps more than ever before, we talk about transparency through the lens of data and privacy. We’re tasked with being more thoughtful about how we use data in our everyday decisioning as fundraisers and marketers, particularly at a time when we can say the nonprofit industry has come a tremendous way in its uses of data for personalized and relevant constituent experiences.
But even as these more meaningful value exchanges are occurring thanks to data, we simultaneously find ourselves faced with savvier, more skeptical consumers that have become increasingly critical of where, how and for what purposes their information is being used. Though the heightened awareness and concern might be attributed to a recent flurry of events in the social media sphere, data privacy has really been a crucial conversation since the dawn of the Digital Age. That’s why it’s not necessarily surprising that changes are headed our way.
Come May 25, 2018, the European Union’s General Data Protection Regulations (GDPR) will shift some of the power back into the hands of consumers. The GDPR will challenge organizations, both commercial and nonprofit, to reconsider their positioning and internal capabilities around data privacy, data security, consent, control and transparency. We’re now living within the tension between personalization and privacy, and our future impact as fundraisers is largely dependent upon our abilities to adapt to this new reality, today.
Facebook, Cambridge Analytica & the ‘New’ State of Data-Driven Marketing
Facebook set out to create a world of unprecedented connectivity through its platform and yet, as we’ve all come to know over recent months, that very connectivity has made Facebook’s ecosystem vulnerable to the spread of misinformation and the work of a few bad actors that have leveraged Facebook’s data for divisive purposes.
We don’t need to go into details about the timeline and subsequent responses to the Cambridge Analytica scandal – we’ve been in the front row seat for some number of weeks now. But the situation, without a doubt, had a profound impact on the marketing and advertising industry, and the way we engage with our customers and constituents. Couple the Cambridge Analytica fallout with the onset of GDPR, and we now see not just Facebook, but Google and other platforms taking measures to limit the ways we can utilize data, and we expect these types of shifts to continue.
Personalization means a more focused marketing spend. And with our ability to personalize the experience already changing, we now need to be proactively thinking about our marketing and fundraising programs in relation to how our platforms are evolving, and what that ultimately means for the level of efficiency and impact we can achieve.
The Heightened Privacy Concerns Are Real
As an industry that prides ourselves in our evolved capabilities to not only deliver meaningful, personal experiences to constituents, but also to utilize data for real, tangible and scalable good, the increased attention on data privacy will be a crucial focus point for all of us. There are, however, sub-verticals of organizations that will likely act on this faster than others. For instance, as an ASPCA donor, (beyond my name, address, phone number, email, etc.) I’m probably sharing data that expresses my interests as an animal-lover. But if I’m someone that gives to a Healthcare organization, that org may know that my spouse has AIDS, or that I’ve survived a heart transplant. A similar scenario can be drawn in the case of Hunger and Poverty organizations, or Advocacy orgs like the Human Rights Campaign, where more sensitive information is passed between nonprofits and their audiences, like if I’m LGBTQ.
While knowing this information is an integral part of providing a relevant experience, we also know that there will be a much greater emphasis on consent, demonstrated control and clear explanations of how that information is used, managed and protected. Proving the value to constituents is only one piece of the more complex puzzle that these data regulations create. Particularly for the organizations that deal with sensitive data, clearness in the messaging around data privacy policies is critical. This includes making the policy visible, both on your website and in proactive communications with donors, and ensuring it’s appropriately reviewed and refined when necessary. While clarity is the priority, communication with donors, especially in the midlevel and major donor category, would benefit from having a human touch. As donors provide time, value and energy to the cause, it’s our jobs as fundraisers to ensure we’re being respectful and transparent about the way we handle and use donors’ information.
Why You Should Keep GDPR in Your News Alerts
While the degree of immediate impact for US-based organizations will vary, GDPR and the ongoing global conversation about data privacy is something we all need to pay attention to, regardless of whether we engage global donors or not.
Consider these action items:
- Focus on the changes that are affecting your world as a marketer now – with Facebook, Google, and other platforms. Map out what you do now that needs to change because of platform changes.
- Stay in the know about GDPR, privacy law evolution, and state level initiatives. If we have any changes in U.S. policy, being familiar with the ongoing conversation will put you ahead.
- Elevate the discussion internally if it hasn’t been already. This is critical if you have any EU residents on your file, but even if you don’t, starting the planning process now, should the time come, will save you time.