Guest blogger on the topic of Alumni Relations and Fundraising: Graduway’s CFO and Data Protection Officer, David Whitefield
Alumni relations and fundraising professionals are now routinely having to grapple with the challenge of complying with laws and regulations relating to data privacy.
The compliance burden is increasing and penalties for breaches can be significant. Storing and processing sensitive or personally identifiable information has never been more in focus.
What does this mean for alumni relations and fundraising professionals everywhere?
Similar professionals working in government or for large corporations may have the internal resources and tailored legal guidance to see through the maze. However, some of those professionals working in the not-for-profit sector may be struggling to know exactly how to respond.
So let me outline three pieces of advice to ensure every institution remains compliant irrespective of the nuances of the new regulations you happen to be facing:
1. Don’t panic
It is true that new laws and regulations are being implemented all the time regarding data privacy.
For example, in the European Union, the new General Data Protection Regulation (GDPR) introduces a raft of new rights and safeguards to EU data subjects on what can and cannot be done with their data.
This is a scary prospect, especially given that a lack of compliance may lead to financial penalties.
On the other hand, most new data privacy regulations are built on existing data protection laws. This means if you are compliant with the laws today, you should already be halfway there.
In short, don’t panic!
2. Ask the right questions
To map any gaps and understand what needs to be done to safeguard your data and your users’ privacy, I recommend that you ask these fundamental questions.
- What data is being collected and from which data subjects?
- What is the data being collected and used for, who by and for how long?
- Where in the world is the data collected, stored and used? Which law applies?
- Within this chain of data custody, who is the party primarily responsible for safeguarding the privacy of the data?
3. Choose compliant partners
Having the answers to the above questions will allow you to structure the correct and compliant solution.
But know that this is rarely done in isolation. Data privacy can have many related touch points such as Legal, Information Security, Marketing and Fundraising.
It is critical that you also understand to what extent both your internal and external partners and vendors are compliant with new regulations. This needs to be an important criterion when choosing future partners as well.
So in summary, data privacy regulations can indeed be scary for alumni relations and fundraising professionals. But take a deep breath, ask the right questions and choose the right partners.
I would welcome your thoughts.