Subscribers | Charities Management magazine | No. 113 Spring 2017 | Page 4
The magazine for charity managers and trustees

GDPR and the impact on fundraising income

ANDREW SARGENT, consultant analyst at data analytics and insight company WOOD FOR TREES, argues that the potential scope of the impact on fundraising of not complying with the General Data Protection Regulations (GDPR) has to be appreciated by charities so that they can make the necessary preparation for the arrival of the regulations.

Charities which are worried about the impact of the General Data Protection Regulations (GDPR) on fundraising income should be starting to prepare for it with some analysis. Analysis of the data in your charity, insight into the consent that is currently held and forecasting any risk that changes might mean to income. The clock is ticking for charities to be compliant come 25 May 2018.

The 5W framework (questions whose answers are considered basic in information gathering or problem solving) is a useful tool to understand what is required to become compliant. For fundraisers, the framework is particularly relevant when applied to donors. Why has their data been collected? And what is the legal basis for it being used to ask supporters to give?

These are areas of increasing scrutiny as charities must only collect the information that is needed to provide the service they are offering. It is this legal basis for collecting and processing the information that is troubling many charities. Whichever strategy is chosen it must be defendable if questioned by the public or the regulators.

Document decisions

Some charities have already decided to only contact supporters who have opted-in and given consent to them doing so. Others are planning to use their supporter data based on an argument of legitimate interest - ensuring supporters can opt-out, but not excluding those who haven’t, from contact. Whichever route a charity chooses, it is important to document those decisions, to understand how many supporters it effects and know what income might be lost – particularly if that’s your legitimate interest argument.

As well as deciding on the "why", charities will need to know what information is stored and where it is held. They will also need to know who has access to this information. Finally it needs to be proven when consent was given – so an individual’s consent can be renewed or their information erased as time lapses.

A simple framework can quickly become quite complex and this isn’t helped by databases that were not developed to do the things that GDPR requires. The state of a database is a cause for concern because of this and the ultimate risk to fundraising that the GDPR presents.

To identify the danger to any organisation, and to build a case for using personal data under GDPR the following three stages are recommended:

  • Identify the current level of consent in your database.
  • Find out how a lack of consent will affect income.
  • Decide who should be prioritised for consent.

Identify levels of consent

Knowing the level of consented supporter data is a big challenge for charities. It begins with putting a number on how many supporters are on a fundraising database, and then understanding how to segment them into different groups. It is important to get this right as everything else hangs off this starting point.

Next comes assessing how you currently manage consent. Identifying what data is available and comparing that to what is currently held on the database. Start with your data but talk to all the people who deal with it – the database managers or your selection assistants. You will need to understand what consent currently means to them - the rules and the intricacies they hold in their head can be very different to what is recorded on the database.

Looking for consent usually means looking at different suppressions and what detail is available. Cleaning up those suppressions is not the most exciting of tasks but it is important.

Analysis of databases shows that most suppressions are usually stored as opt-out positions – often with many codes, different names and different years attached, so getting them consistent is a great start. It is important to recognise that systems will have changed over time too. Information collected on supporters 24 months ago will often be worse than information collected in the past week.

To comply with GDPR you will need to be aware that suppressions may well have been utilised as marketing preferences but consent is not the same as a preference.

Understanding consent

To start to understand consent, look through the statements that have been used to gather permission to contact. These might be on direct mailing packs or in recent mailings. Collate these and then assess how legitimate the consent is and whether it has been given with explicit permission.

There are few organisations which currently record opt-ins. In fact, one of the worst CRMs (customer relationship management systems) one has seen had mailing suppressions, but without a date or source attached. The best can be ones that have all the required functionality but just may not be currently used in a compliant way.

Then consider how long the consent might be valid for. The Information Commissioner's Office is the ultimate judge on this and there is no legal precedent that currently exists. Having clear processes and procedures in place means you are gearing up for compliance.

As mentioned in the 5W framework, charities often hold personal information across the whole organisation, outside the fundraising database. Consider it all. It’s a case of mapping all the systems, so that if a supporter withdraws consent in one area, this is reflected in all the places their information is kept. For example, one often sees an overlap between supporters and volunteers. Their information and its use need to be consistent across the charity.

Breaking down consent

Leaving the multiple databases challenge aside, the next step is to understand how supporter consent breaks down by different communication channels. For example, how many people are contactable or not contactable by mail? It has been found that in a typical database, usually about 75% of people are mailable, with roughly 20% having a mailing suppression held against their record.

To effectively audit your data for consent start by cleaning suppression codes and rationalising these down - put in place a structure that mirrors the channels you want to hold consent for supporters. Consider the following:

  • Now is the time to start recording opt-ins - understand how the CRM is used to record consent. Look at the audit trail that can be collected.
  • If you haven’t already, update your charity’s Privacy Statement and start to signpost supporters to it.
  • If the database hasn’t been cleaned recently, now is the perfect time. The more accurate the figures to start with, the easier it is to forecast the impact of the GDPR.

Impact on income

How much money could we lose? This is the big question that charities are asking. What is the impact of the new regulations on fundraising income? How can the income that is currently being generated be protected? What channels of communication are going to be the most resilient?

A forecasting model can assess lots of different variables but it will likely include: how many supporters are contacted each year, their response rates and attrition rates. If you have a good grasp of data as proposed above, you should also have a good understanding of the current levels of consent. This means that reasonable assumptions can be made and scenarios can be worked up about the impact on fundraising.

For a broad brushstroke of what the impact of GDPR is likely to be, analyse what would happen if only half of the charity’s supporters could be contacted. Such a scenario will provide a big number. That’s no bad thing because this is often what is needed. A really big number to show to senior management so that compliance and consent become a critical issue to address.

Getting management onside

It also provides the big number that might be needed for a legitimate interest argument. And it is possible to be even more sophisticated than that, to really drill in and monitor changes over time – playing with attrition rates and value – but a top level view is a strong start to getting senior management onside.

What one has seen is that regular giving is better protected than other ways of giving, such as cash appeals. However, charities which carry out a lot of upgrade or reactivation activity will need to consider how those programmes will be affected. Where there is a low value regular contributor and a reliance on upgrade income to break even this may not be seen as viable. And those things can then alter channel mix decisions.

In contrast, cash giving is more at risk and a better understanding is required to ask those supporters to give differently in future or convert them to regular giving.

The other aspect to plan into forecasting is that when people are offered the option to opt-out of communications, or are required to opt-in, they will usually be circumspect. One has seen appeals where 10% of warm donors opt-out of future appeals when responding with a gift.

We know that charitable giving remains consistent year on year. According to the latest UK Giving report, £9.7 billion was donated by generous Brits in 2016, on a par with 2015. We have to hope that the GDPR regulations do not impact on this overall figure. What is in no doubt is that charities will have to work harder to raise these funds, and find more innovative methods to do so.

Aiming for supporter engagement

The aim for everyone though should be to get the supporter base as engaged with the use of their data as they want to be. If you run through a scenario where the ability to contact supporters is maintained and they are more engaged, fundraising performance increases. More money gets raised. This the big challenge that is facing all charities.

Fundraisers want to know who are the most important supporters. Where they need to spend time and effort to gain their consent. However, the classification of ‘important’ can vary from charity to charity. Some charities will look at the value of supporters, others at the engagement of the individuals.

Deciding on this terminology will help with segmentation and classification. Then it’s a case of looking at which channels are suited to each person. Remembering, of course, that past behaviour will indicate their preferred method of communication. So, if they came to you via social media, they should be responded to via this medium.

One of the most simple and most used models is looking at the Recency of supporter giving, the Frequency of the contribution, and the Value of the donations. There are other more complex data modelling tools and techniques. Regressions models will search out the relationships between different variables and how these can be applied to predict behaviour. Additionally, machine learning enables big data and third party data sets to be analysed through the use of sophisticated algorithms.

Better understanding

Data models are designed to get you to understand supporters and donors better, to accurately predict their future behaviour, to forecast fundraising more effectively and to spend effectively to yield the best return.

If charities undertake the steps above not only will they be on the right route to compliance, but they will also be on the path to a better database - one that can transform fundraising performance and mitigate the risk of GDPR to fundraising income.

END OF ARTICLE

Return to top of page

NEXT ARTICLE

Next Article