Only five per cent of charities are ready for GDPR

Published Friday, April 27, 2018 10:46 AM by Mark Dewell, MD of Commercial and Third Sector

Survey highlights areas of focus for third sector in preparation for GDPR roll out

As Britain begins the final countdown to implementation of the new General Data Protection Regulations (GDPR) on 25 May 2018, software and services company, Advanced, reveals only five per cent of UK charities are truly ready for the roll out, according to a survey run this week (25th April*) of over 300 companies.

Over 300 third sector organisations attended a webinar hosted by Advanced, suggesting a clear focus and keenness amongst charities to implement the steps required to meet GDPR compliance in time for the deadline.

Alongside Advanced experts, the webinar included a panel of representatives from leading charities RSPB, Muslim Charity and Woodland Trust. Setting the benchmark, these organisations shared their successful journey to GDPR compliance and the challenges around management of consent and data retention, covering what they felt were the most important aspects of their plan to meet regulation by the deadline.

During the webinar, attendees took a survey about their own GDPR planning, with worrying statistics revealing more than three-quarters (76 per cent) admit there is still work to be done before they achieve full compliance.

More than half (56 per cent) identified consent as the top priority for their GDPR planning, with uncertainty about interpretation of GDPR representing the biggest obstacle to progress (48 per cent).

Mark Dewell, Managing Director – Commercial and Third Sector – Advanced, commented: “With so many charities joining our GDPR webinar, it’s clear there’s still a big appetite for information and advice about this topic, especially as we are now less than a month away before the legislation comes into force. This is both worrying yet unsurprising, given we know that only five per cent feel ready for the regulatory roll out, despite the threat of significant fines for failure to comply.

“Undoubtedly, the attendees are committed and focused upon achieving GDPR compliance. With the help of our third sector panel, we were able to provide valuable guidance, top tips and best practice to help ensure charities feel more able to meet their GDPR requirements ahead of the looming deadline.”

Attendees heard from some of the country’s leading charities on their journey to GDPR compliance, including the Muslim Charity, which suggested getting data in one place by completing a rigorous data audit is key to enable charities to answer any questions about the data they hold.

With the research revealing consent to be the biggest GDPR concern for charities, top tips from the RSPB and Woodland Trust focused around robust and engaging communications. For the RSPB, its approach to consent has involved a continual and comprehensive programme across email and website channels in order to capture the relevant permissions. While the Woodland Trust has focused a lot of energy on consent message testing to identify the communications most likely to engage and drive action.

Data retention was another important point raised by the Muslim Charity and the RSPB; for the Muslim Charity, an effective data retention policy which explains why data is being held and for how long is critical. Similarly, the RSPB has linked their data retention to finances to take into account potential Gift Aid claims and financial audit requirements.

Despite the work that the Information Commissioner’s Office (ICO) has done on GDPR preparation, it’s clear that a cloud of ambiguity still exists across the third sector. Uncertainty around consent and data retention seem to be the resounding worries for charities, with many concerned that their potential fundraising totals will be affected.
The attendance figures for our webinar suggest that GDPR remains at the top of the charity sector agenda and it’s a comfort to see such a keenness to achieve compliance ahead of the deadline. However, while progress has been made, there is still a way to go before many are GDPR ready.

There is a wealth of information available to charities on GDPR – arguably, too much of it which has caused levels of uncertainty about precise details and resultingly has become a barrier to adoption. Hopefully, the charities who joined our recent webinar will have gone away armed with relevant information and insights they need to move forward with their GDPR plans with confidence and efficiency in time for the 25 May.

For those that missed it, the full webinar can be found on demand here. Also, we’ll be holding further seminars on GDPR, to share best practice on reviewing success of compliance, so please do get in touch if you would like to take part – or indeed share your successes and learnings.