What is GDPR and Why It Matters to Your Fundraising
The General Data Protection Regulation (or GDPR) is a new privacy standard in the European Union (EU). GDPR guarantees certain privacy rights to individuals who reside in the EU, which GDPR classifies as "data subjects."
GDPR guarantees certain privacy rights for data subjects. For example, data subjects have the right to control the use, retention and deletion of their "personal data." In the EU, personal data is very broadly defined to even include things like an IP address or email address.
The ways in which GDPR affects an organization will depend on whether the organization is classified as a "controller" or a "processor." A controller is the person or organization that "determines the purposes and means of the processing of personal data." The processor is the person or organization that "processes personal data on behalf of the controller." The controller and processor have certain unique responsibilities when it comes to the management and processing of personal data.
If your organization is directly marketing to a data subject then your organization is required to comply with GDPR - even if your organization is not based in the EU. In such case, your organization is most likely acting as a controller. Before a controller can use personal data, the controller must have a "lawful basis" for processing the data based on one of six legally recognized criteria. Organizations that engage in marketing in the EU should be sure they comply with the lawful basis requirements.
How will GDPR impact your fundraising? There are several ways in which your organization’s activities could be regulated by GDPR. If your organization's website collects statistical information about site visitors, including from EU residents, then you have certain obligations under GDPR. If your organization is using email to market to EU residents, your activities are subject to GDPR. Likewise, the use or retention of any data records, including in fundraising software applications such as a donor database, is subject to GDPR.
Crescendo has made a number of updates to its products and services in anticipation of GDPR. To learn more about the requirements of GDPR, Crescendo clients can visit our new GDPR hub by logging into www.cresmanager.com.
About Kristen Schultz Jaarda, JD, LLM
Kristen Schultz Jaarda is Executive Vice President of Crescendo Interactive, Inc. She specializes in charitable tax planning and online marketing for planned gifts. She is responsible for client education and leads Crescendo's marketing services and support team. She is a nationally recognized speaker, conducts seminars nationwide and is a principal faculty member of GiftCollege.
Kristen serves as a board member for the American Council on Gift Annuities (ACGA) and as a member of the ACGA Rates and State Regulations Committees, Editorial Advisory Board member for Planned Giving Today, Committee Member for the ABA Charitable Planning and Organization's Group, past Legislative Chair and a board member for the Partnership for Philanthropic Planning of Greater Los Angeles (PPP-LA), a member of the Ventura County Planned Giving Council and a committee member and volunteer for several California charities. She writes weekly for CrescendoTweet and her planned giving blog.
Previously, Kristen served as Counsel to the Assistant Secretary of Education in Washington, D.C. and was Oversight Counsel to the U.S. House Committee on the Judiciary. Prior to that, she worked in a public affairs law practice. Kristen graduated from UCLA School of Law where she was Law Review Editor. She completed her Tax LL.M. with honors at Loyola School of Law. Kristen is a member of the California State Bar, D.C. Bar and the Maryland State Bar.