From 25 May 2018, thanks to new laws under General Data Protection Regulation (GDPR), the consent of your supporters to receive updates and information on your latest campaigns etc., will need to be freely given, specific, informed and unambiguous; given by way of a statement or clear affirmative action to be lawful.
But what does that actually mean in practice?
Here are 10 things you need to know about consent:
- You will no longer be able to bundle consent requests within wider terms and conditions. A request for consent to receive marketing materials should be separate from terms and conditions and should not be a precondition of the provision of a service unless it is necessary for that service.
- Pre-ticked opt in boxes or opt-out boxes will no longer be valid. You must now use an un-ticked opt-in box or similar opt-in method that allows choice.
- Requests for consent should be broken down into different categories where possible to allow your supporters to consent separately.
- Your charity must be named along with any third parties (e.g. fundraising partners or agents) who will rely on the consent.
- You must keep good records allowing you to show: who has consented, to what they consented, when and how they consented.
- You must tell supporters that they have a right to withdraw their consent at any time, and you must tell them how to do this. The process for withdrawing consent cannot be more difficult than it was to give the consent in the first place!
- Supporters have the right to object to direct marketing and your charity must bring this right explicitly to the attention of supporters from the start.
- There is no set time limit for how long a person’s consent lasts but the Information Commissioner’s Office recommends refreshing it every two years.
- If you ignore the new law not only do you risk reputational issues but you could be fined up to €20m or up to 4% of your turnover.
- You should have started to prepare by reviewing the data you currently hold; assessing the reliability of the consent; and think about whether you have told your supporters of the changes being forced.
Luckily for charities two pieces of recent guidance on the subject have been issued by key data protection players in the third sector:
- The Fundraising Regulator issued guidance earlier this year on fundraising which makes reference to upcoming changes expected by GDPR and the e-privacy regulation. Read more
- The ICO has also issued draft guidance on consent under the GDPR. Read more
source Val Surgenor, Charity Law Specialist at MacRoberts LLP 31.07.17