Complying with GDPR Data Consent Regulations for Nonprofit Organizations

Jeff Gordy

The European Union’s new General Data Protection Regulation (GDPR) legislation goes into effect May 2018, and introduces new rules protecting the personal data of EU citizens.

The GDPR strengthens regulations around personal data collection and usage. While the GDPR only applies to organizations tracking the personal data of European Union citizens, the regulations set a great data quality and management standard for nonprofits everywhere.

To learn more about the GDPR and if it applies to you, click here.

One of the GDPR’s main requirements ensures that constituents have consented to the collection and usage of their personal data — and that they know exactly how it will be used.

We’ve put together a quick, step-by-step guide on everything you need to know about your nonprofit, constituent consent, and the GDPR.

What is consent? And why does it matter for nonprofits?

Per the GDPR, consent must now be obtained for every usage of personal data.

  • Separate consent must be obtained for each different storage or processing use, so your organization must be clear about how the data will be used.
  • Data subjects must explicitly opt in to each data usage — inactivity or pre-ticked boxes do not count.

If your organization is tracking the personal data of any European Union citizens, it’s important to comply with the GDPR for legal reasons.

But even if the GDPR does not apply to you, adopting the new regulations — especially the requirements around constituent consent — could help your organization build more transparent, trusting relationships with your supporters.

NeonCRM makes it easy for you to track consent with new GDPR compliance features designed to help you manage consent response, scope, and change over time.

We’ve put together some quick how-to guides around getting and tracking consent. While your specific organization may have different needs depending on your data procedures, these should help you get started.

How to add opt-in consent fields to your online forms

In NeonCRM, we’ve made it possible to add opt-in consent fields to all of your online forms in one place.

In the System Settings menu, under Forms & Pages, you’ll see a Data Privacy & Consent option. From that page, you can enable or disable consent fields on all of your online forms.

Add data consent and privacy fields to all online forms at once in NeonCRM's System Settings

You can also add a privacy policy statement or link on your forms.

Here’s what the opt-in consent field looks like on the live form:

On front-end forms, data consent fields will display as opt-in check boxes.

If you’re working outside of NeonCRM, your database settings may differ. But even if your system is not compatible with GDPR regulations, you could create custom fields to track consent on your online forms.

How to send a GDPR-compliant email and mailing

If you’re already tracking constituent consent, you’ll want to make sure that your communications are only going out to the right supporters — those who have consented to receiving that type of communication.

In the Communications module, under Email Audiences, you can build a new audience.

Create a standard audience, and use the report/search functionality to filter out anyone who has opted out of email (or other) communications.

When creating a GDPR-compliant email list, you can search your system to filter out anyone who has not consented to communications.

From there, you can create additional filters to target a specific group of constituents.

As mentioned above, even if these consent fields do not exist in your current system, they could be created through custom fields.

How to segment existing EU constituents and get consent

And what if you have existing EU constituents in your database, but haven’t gotten consent? The best way to obtain their consent is an opt-in email campaign.

First, you’ll need to build an email audience of constituents in European Union countries.

Use NeonCRM's reporting tool to build an email audience of constituents in European Union countries.

Next, you’ll need to build a form with the desired consent fields. You can turn on the consent fields through System Settings (see above), then create a dedicated form for this campaign. Since you’re just re-engaging existing contacts, you should encourage account login and remove any extraneous fields beyond name, email, etc.

Next, you’ll build an email linking to that form. Send it to your original audience! (Don’t be afraid to re-send to non-responders if necessary.)

After sending the email, you’ll be able to track consent on each individual’s account page — plus a change log to track adjustments over time.

Track constituent data consent on each account page, plus adjustments over time in the Consent Change Log.

If you’re looking to track constituent consent in bulk moving forward, you may want to consider saving some reports for the different consent types or states.

While these tips are designed to get you started, there are many other aspects of the GDPR that can help you build better relationships with supporters. Check out our GDPR compliance resource page to learn more.
