The Long and Winding Road of Compliance
The 25 May 2018 has come and gone. And much like when the clock ticked past midnight on 31 December 1999, it was a bit of an anti-climax. The sky did not fall in, there was no rioting in the streets and we all just went to work in the same way we had done the day before without the ICO greeting us on our office doorsteps.
But the shift began way before the day GDPR came into law. For some it had started years earlier with gradual preparation, whilst for others there was a sudden realisation early in 2018 that action was required. Compliance is not a box-ticking exercise, nor is it just the responsibility of the person who sits in the office over there. It is the responsibility of everyone who works in or oversees fundraising.
The launch of GDPR brought data protection to the fore and now you’d be hard pressed to find a fundraiser who hasn’t heard of the terms ‘consent’ or ‘reasonable expectation’. We’ve spent more time than we thought humanly possible debating legitimate interest assessments. But GDPR did not happen in a vacuum and the importance of wider compliance was brought into the spotlight with the negative press in 2015 and ensuing regulatory review.
Many mindsets have now shifted from negativity and focusing on what we can’t do and what’s restricting us, to being much more positive. It has driven conversations and actions around data security and how we build supporter trust. Our job as fundraisers has always been to inspire and motivate people and if we focus on that, we should build lasting and rewarding relationships with supporters.
The last three years have been a hive of activity in this area and that has not finished with GDPR coming in. Compliance is a continuous process that needs to be evaluated and evolved over time.
At THINK’s Fundraising Regulation & Compliance Forum, debates are ongoing regarding re-permissioning, how to manage requests from supporters exercising their right to be forgotten, agreements and data sharing with third parties and whether systems support compliance requirements. We have considered how to engage staff and ensure understanding and acceptance of responsibilities and also discussed how to harness the positive momentum within organisations when this is already happening. And then we have the E-Privacy Regulation hovering on the horizon…
If you would like to join us in these debates or are interested in finding out more about the Forum, please contact me on 07860 848031 or at firstname.lastname@example.org