Beginning on May 25th, 2018, the General Data Protection Regulation (GDPR) will come into effect. This new European Union regulation applies to any organization that processes and handles data about EU citizens, even if the organization is based outside of the EU. This means that if you have donors in the EU or your website has visitors from the EU, then you should be aware of this important regulation.
Kevin Conroy, GlobalGiving’s Chief Product Officer, shared tips in this article about how your organization can prepare for this change, but we would also like to share how we are updating our systems to align with this new regulation and what changes you may see as a project leader on GlobalGiving.
What is GlobalGiving doing to prepare for GDPR?
In addition, GlobalGiving will be launching a new “My Account” section of our website that not only reflects our more modern look-and-feel, but also has the necessary links to support individual rights under GDPR, such as the right to erasure (e.g. “Delete My Account”), the right to portability (e.g. “Download My Data”), and the right to object or restrict processing (e.g. “Edit My Preferences”). A full summary of our preparation efforts can be found on this page.
What will be different for project leaders?
As a project leader on our site, your experience will remain primarily the same as GlobalGiving has done all of the necessary work to prepare to accept donations under the GDPR. There are, however, three instances that will change to ensure that we are prepared for the stricter data processing and data security rules:
1) Disbursement Reports
In the past, we have sent an email to each organization’s listed disbursement contact with a summary of the disbursement and an attached disbursement report. Starting with the next disbursement on May 25th, we will not be sending a disbursement report in the email but rather an email summary with a link to your disbursement manager where you can download a copy of your disbursement report. We are making this change to ensure better data security around donors information.
2) Daily Donation Email Notifications
Similarly, we will be modifying the daily donation email summary to contain a summary of the total amount raised for each project in the last 24 hours, but will remove donor names and emails from this communication. You will need to log into to your donation manager to see information about individual donations. We are making this change to ensure better data security around donors information.
3) Project Reports and Appeals
As a part of GDPR, there must be a proper legal basis in order to process personal information and to contact donors. This impacts project reports and appeals on our site as they may be considered “direct marketing” to keep donors engaged with your work and hopefully donate again.
Thus, donors in the EU must provide affirmative consent to receive project reports and updates. GlobalGiving proactively made this change in November 2017 and since that time, EU and UK donors have had the option to select if they wish to receive email updates or not. Just prior to May 25th, we will unsubscribe any UK or EU donor who donated prior to November 2017 who have not affirmatively opted-in to receive GlobalGiving emails. We will send re-consent emails to these donors to see if they would like to receive these emails in the future, and will only unsubscribe donors who do not provide this consent.
We hope to make these changes as seamlessly as possible to avoid disruption for both our partners and donors on our site. Please reach out if you have any questions about GlobalGiving’s compliance with GDPR. We are happy to help!