GDPR will require charities who rely on consent as a basis for processing the personal data of EU constituents, to make certain that data subjects affirmatively opt-in to the processing of their data by you. Further, GDPR will require that organisations be able to demonstrate they have collected such consent.
- The term “consent” is used to describe a supporter’s permission to use their data in a certain way (eg. marketing, communications, wealth screening).
- The term “processing” refers to any activities an organisation takes with respect to a supporter’s data, including collection, use, storage, sharing, data enrichment or analytics.
As always, it is best for charities to work with their organisation’s legal advisor, who is familiar with their practices and constituents, to determine their obligations under existing laws.