
GDPR and Your Databank

The European Union's General Data Protection Regulation (GDPR) has been with us for a while now.  If you need or want to comply with this regulation, your Databank gives you a leg up in meeting that goal.
 
Because many of thedatabank's clients do not have relationships with EU residents, we would not characterize our products as "out of the box" GDPR ready.  However, a Databank definitely helps address GDPR rights through out-of-the-box functionality available in the software, along with some best practices that will meet other GDPR standards.
 
Below are the basic GDPR rights, and how your Databank helps address them:
 
Adherence to GDPR Basic Rights:
  1. The right to be informed about the collection and use of personal data
    Databank clients should be aware of how they're using contacts' data, e.g., for email communications, to help with volunteerism, etc., so that they can communicate this usage on their web site and in other communication channels.  Fundraising clients should reveal that donor information is passed on to a payment gateway in order to process credit card and electronic check (aka ACH or EFT) transactions.

  2. The right of access to their personal data and supplementary information
    The Contact Roster, Fundraising Roster, Activity Roster, and Custom Table Rosters make it relatively easy to provide this information in printed form to a contact who asks for it.

  3. The right to rectification of inaccurate personal data or completion of incomplete data
    In a system such as the Databank, this is simply a matter of data entry: edit the contact's record to make the corrections.

  4. The right to erasure of personal data
    Deleting the contact accomplishes this.  Clearing fields would accomplish this for contacts that only want specific data erased.

  5. The right to restrict processing which allows an organization to store data but not use it
    There is little processing in your Databank, as it primarily records and reports interactions with contacts.  Unless a client has custom processes written for them, processing mainly consists of preparing and sending emails for newsletters, fundraising solicitations, calls to action, meeting invitations, and communications regarding volunteer activities.  So for the most part, the right to restrict processing is handled by managing subscriptions, or unsubscribing altogether.  Every PowerMail includes a link to manage subscriptions or unsubscribe.

    For clients that do postal mailings, make use of the "Do Not Mail" preference in the Personal page.  Use it to exclude contacts from postal mailings.

  6. The right to data portability which allows individuals to safely and securely obtain and reuse their own data for their own purposes
    We interpret this to mean the contact should have a means to request an electronic version of their data.  This can be accomplished via the Export function, which creates a series of comma-separated-value (CSV) files.

  7. The right to object to processing based on legitimate interests, direct marketing, and for purposes of research
    See #5.

  8. Rights in relation to automated decision-making and profiling
    See #5.

Additional Tips for GDPR Compliance:
  1. In Form Builder forms, do not use the option to automatically subscribe contacts to publications, and do not pre-check publications to subscribe to.  GDPR does not consider either of these to be a valid opt-in.

  2. Send an email to current EU residents in your contact list, soliciting them to confirm their subscriptions.  Unsubscribe contacts who do not respond, or who respond in the negative.  Record responses in your Databank.