GDPR Twitter Party – what we covered!

We hosted our first Twitter Party for professional bodies, membership organisations and NFPs on Tuesday 18th July with a GDPR theme.

A huge thanks to sector specialists Adapta Consulting who answered the flood of questions which came in! And a huge thanks to all our attendees – we hope you found the hour-long online session useful.

In the meantime, here are some of the tweets and answers that came up during our #MemGDPR Twitter Party which you may find interesting for reference. Please note that the answers are necessarily short and general in nature, and, if in doubt, you should always obtain advice based on your own particular needs:

Extracts from the conversation stream on Twitter…

Q: Can we get some clarity on ‘legitimate interest’ versus ‘marketing’? Can we still “cold” contact B2B prospects in our sector? #memgdpr
A: #MemGDPR Legitimate interest applies when you consider you are entitled to use the data, e.g. to process membership. PECR requires opt-in for direct marketing irrespective of legitimate interest. PECR is being replaced by ePR in May 2018

Q: “#MemGDPR what are your 3 top tips to ensure membership bodies are #GDPR compliant by May 2018?”
A: #MemGDPR 1. Make sure you are clear about your legal basis for processing. 2. Know your personal data – where you get it from, store it, what you do with it. 3. Provide compliance training, policies & procedures to your staff and volunteers. Also check the ICO’s useful 12-steps guide.

Q: #memgdpr what are some top tips to help to indicate the importance of GDPR to our colleagues?
A: #MemGDPR Trustees and SMTs need to understand the reputational risk and increased fines; managers and staff need to understand the big changes to procedures and systems.

Q: #MemGDPR @MemComUK too simplistic to choose legitimate interest over consent for record retention? Could be less bothersome to our members.
A: #MemGDPR You can retain personal data for as long as you have a valid business need for it, so consent is not required. Plus, you should have a data retention schedule.

Q: As membership bodies how far can legitimate interest apply is a subject that (ahem) interests me. #memgdpr
A: #MemGDPR Need to differentiate between providing core membership services and marketing. IoF has asked the ICO to provide more guidance on legitimate interests – very foggy area at the moment.

Q: Is it safest to assume that all existing data is non compliant and to seek new consent? Or is data gathered under existing law ok? #memgdpr
A: #MemGDPR If you didn’t get active consent previously, it’s safest for now to assume non-compliance and plan to seek new, valid consent. Also check the ICO’s useful 12-steps guide

Q: After May can we continue using data previously collected using current compliance opt ins that may not be complaint to new rules? #MemGDPR
A: #MemGDPR If the consent you currently hold is not going to be compliant next year then you may need to obtain a new valid consent – but consider legitimate interest which may make new consent unnecessary

Q: Advice on identifying major donor prospects from the data we hold on donors. If we can’t undertake wealth screening? #memgdpr
A: #MemGDPR Wealth screening is allowed so long as your donors have been informed and agreed to it

Q: Any good GDPR compliant databases out there? We use Raisers Edge for Fundraising. Considering upgrading to NXT. Anything cheaper? #memgdpr
A: #MemGDPR We are seeing all CRM suppliers “in the process” of making the necessary changes and “improving”. Too soon to compare with confidence.

Q: Any good tips on making Engaging Networks GDPR compliant? #memgdpr
A: #MemGDPR Proprietary systems like EN are the suppliers’ responsibility. However, charities need to be pressing suppliers for confirmation of compliance before the 2018 deadline.

Q: Do u suggest listing clear Opt In/Out options for ALL marketing comms – postal & email, even to warm prospects who already Opted-In #memgdpr
A: #MemGDPR There is no need to get opt in again for contacts who have already opted in. But an unsubscribe function should be included on all direct communications with them.

Q: Hiya! Will GDPR have any effect on using either custom or tailored audiences on Facebook/Twitter using customer data? #memgdpr
A: If you are using personally-identifiable data, then GDPR applies – irrespective of the audience platform or communication channel being used #MemGDPR

Q: #memgdpr re: members’ requests for their personal data, can some data be justifiably too difficult to retrieve/present to them?
A: #MemGDPR You may think you have a case for ‘disproportionate effort’ but you should be able to justify this to the ICO and bear in mind that the ICO may have a different opinion and consider you to have breached the Act

Q: Can we get some clarity on ‘legitimate interest’ versus ‘marketing’? Can we still “cold” contact B2B prospects in our sector? #memgdpr
A: #MemGDPR Legitimate interest applies when you consider you are entitled to use the data, e.g. to process membership. PECR requires opt-in for direct marketing irrespective of legitimate interest. PECR is being replaced by ePR in May 2018.

Leave a Reply

Your email address will not be published. Required fields are marked *