General Data Protection Regulation (GDPR)

When people register to come along to a Third Sector Cafe discussion, we ask them to tell us why the topic is of interest to them, and how coming along to the cafe can best help them. The sort of questions people are asking in advance of our cafe discussion on GDPR next week reflect a wide range of concerns about the impact of the upcoming GDPR.  

"We are implementing a new CRM solution and updating all of our supporter records in order to comply ... I want to confirm our obligations".

"I need some advice on wording the consent statement on our membership forms, event booking forms etc. Also on use of cookies on our website".

"We risk losing a database of medical professionals that could be involved with the charity because we do not have sufficient consent to continue emailing them regularly".

Although data protection is relevant for charities of all sizes, larger charities can face particular challenges with the enormity of the data they have to deal with, often including a build up of multiple mailing lists collected in many different formats across lot of different departments.

To get an idea of how a charity in this position might be approaching GDPR we asked Estelle Cable, Strategic Lead for Marketing for one of the larger YMCAs, about her plans for GDPR. 

Estelle leads a team of 3 people who are responsible for marketing the full range of services the YMCA offer. These are as varied as accommodation, gyms, play groups, advice surgeries and a range of well-being programmes to mention just a few! 

After a recent period of consolidation, Estelle's team are now responsible for leading marketing for an organisation which turns over about £20M and employs around 700 people (including sessional employees). As with many charities, GDPR is looming large on the marketing team’s horizons. The challenges Estelle and her team face may resonate with you - particularly, perhaps, their feeling that “GDPR doesn’t seem to be anyone else's priority but ours!".

They have also found getting to grips with the technical aspects of how data is stored internally daunting: "I'm not an expert on databases and CRM systems". 

Until now, each service has traditionally been responsible for collecting and storing its own data and the data lives in what Estelle describes as ‘data pockets’ or ‘data silos’ in various places across the organisation. There is also no consistency in the way data is held with a variety of different platforms currently being used including, for example, salesforce, a member management software called Gladstone and a number of ‘Smartsheets’ (like sharable google documents).

When the marketing team gets involved with a campaign they work with the data provided by each department. After attending recent GDPR training, the marketing team realise that it is not always clear enough how the data departments hold has been collected, how old it is or what permissions are associated with it.

As a result they are now looking at a range of new initiatives to enable the wider organisation to introduce a more consistent, and compliant approach to collecting, managing and using personal data. Included among these are: the creation of a new post for a data officer; and the introduction of a central database which could be accessed by each service area.

These two initiatives will enable them to ensure that: 

  • all opt outs are changed to opt ins

  • it is always clear, when personal data is collected, what purpose it will be used for, and how and when permission to use it has been given

  • anyone using any service will have an easy way to access the data the YMCA holds on them to amend or delete it

  • data is updated in an appropriately timely: more regularly for children for example, as they get older their use of and interests in YMCA services are likely to change

While this is definitely an operational challenge for the organisation, Estelle also sees that there are valuable marketing gains to be made. They will be not only be able to guarantee a more consistent, transparent level of service for people, at whatever point they are interacting with the YMCA, but the team will also be able to do more to offer people choice about the information the YMCA send them, and enable them to tailor it so it fits their personal interests.

Such an approach is not only in line with the organisations wider objectives and charitable purposes, but it its also better marketing. Treating customers in a way which recognises their personal interests is a better way to improve customer satisfaction levels, build loyalty and, ultimately, improve response rates to marketing initiatives. Allowing the YMCA can to get more bang for its marketing bucks. 

We're looking forward to discussing GDPR and its impact more in the cafe next week where these issues - and others - may well be the ones that participants want to explore further.

Sophy Hallam