
14 March 2018 Andy

How prepared are you for the GDPR?

We’re producing a series of informative articles about the GDPR aimed at membership associations. To recap, the GDPR is a new set of regulations concerning personal data that organisations in the EU must adhere to. The deadline for complying is 25th May 2018.

If you work for a membership organisation, non-profit or charity and have not heard of the GDPR, then I’d advise starting with our introduction to GDPR article. If you already know about the GDPR and would like to be better prepared, read on for some official recommendations from the ICO and some practical advice from ourselves.

Should you panic?

In a word: no. It can feel overwhelming having to ensure you have strict GDPR procedures in place, but there’s no need to panic. The GDPR can be seen as an extension of the Data Protection Act, which has been around for 20 years. Your organisation most likely complies with these regulations, so you’re halfway there already.

As a membership organisation, the main changes you’ll likely face are the way you obtain, store and process personal data. Let’s look at how to get sorted.

What should I think about next?

We’ll look at some sensible ideas for your organisation to get GDPR ready.

Knowledge and awareness

The first step towards compliance is understanding the GDPR and how it will impact your organisation. Learn what processes your organisation must follow and which areas of your organisation it affects. Ensure employees who collect and process personal information know about the GDPR and how it might affect their activities.

Responsibility

Appoint someone to lead on data protection within your organisation. They will oversee how data is handled and ensure GDPR is complied with going forward. This does not need to be a new position – it can be added to the responsibilities of an existing employee.

Processes

The day-to-day tasks involved in data processing and collection will need to be documented, firstly in case of an audit and secondly so employees know what they should be doing when dealing with data.

Some processes include:

  • Auditing your current data: Check whether the way you currently collect and process data complies, with the aim of putting it right if it does not. This is likely to bring up some issues around whether consent was obtained to collect or use data so…
  • Put current data right: Obtain consent if needed for those who have not given it. (See our article on whether you need consent or not.) This is arguably the toughest task for membership organisations as it is unlikely that your members have given consent that adheres to current guidelines.
  • Future data collection and processing: Define how you will collect and use data in the future in a way that complies. Again, the main issues for membership will be around consent. Ensure every employee that deals with data knows this process.
  • Transparency: Have everything documented, including processes and an auditable trail for your data and consent, in case you are audited or if a member queries their data.

Contacting members

A lot of concern is about not having consent to contact current members. If you perform B2C marketing you may have to change the way you communicate with your members as you’ll need their consent to email them. But your membership organisation is in a better position than other sectors as members actively signed up for membership – they likely want to be contacted for updates within their industry or about upcoming events. Asking them for consent should see a high success rate.

Some official advice on GDPR preparation

The Information Commissioner’s Office, who will regulate the GDPR in the UK, have handily produced various resources to help those who must comply with the GDPR. We’ve picked out some of the more useful ones for membership organisations:

  • Preparing for the GDPR – 12 Steps to take (PDF) – A guide that takes you through the twelve main aspects of the GDPR with a bit of practical advice for each area.
  • Checklists – Depending on whether you control and/or process data, there are some quizzes to help you better understand how ready you are and what you need to do to comply.
  • A general GDPR guide – A very in-depth guide to all aspects of the GDPR.

Final thoughts for membership associations

Hopefully you should now know how prepared you are for GDPR, where to look for advice and what you can do next. There is a need to act upon GDPR but we have shown you that you needn’t panic as membership organisations are in a good position.

And of course if you wish to chat about redeveloping your organisation’s website to make membership tasks much more GDPR friendly and less hassle for your membership team, then simply get in touch to discuss your options.

Keep an eye out for future articles about the GDPR and how it will affect membership organisations. Check out our news section, LinkedIn, Facebook and Twitter.
