ABOUT GDPR & EASYFUNDRAISING
What has easyfundraising done to get ready for GDPR?
Easyfundraising has always looked after your personal data securely; however, we have taken steps to ensure we were GDPR compliant before the legislation became effective on 25th May 2018.
We have completed a thorough review process which has seen us improve our processes, products, contracts, guidance and policies to help support everyone’s compliance with GDPR. While many of these changes will not be directly visible to you, some of them you will see in your account and through updates to our privacy policy and terms.
Who do I contact if I have questions about GDPR and easyfundraising?
You can contact our Data Protection Officer by emailing dpo@easyfundraising.org.uk and we will be able to answer your questions relating to GDPR and easyfundraising.
If you have any questions about GDPR and your organisation, you can get help and guidance at the Information Commissioner’s Office.
What changes are you making and when?
We will be updating all of the relevant policies, features and information on our site, and these will be effective from 25th May.
We have always looked after your data, but we have updated our T&Cs and Privacy Policy to give you extra transparency on what data we hold, why we hold it and why it is necessary.
We are providing extra features in the My Account area of the site to allow you to manage your personal data in the easyfundraising platform.
Will you provide supporter data so I can use it to comply with HMRC requirements?
Yes. When personal data is required in order to comply with other regulations, all supporters and causes will be made aware through our policies that personal information will be shared for this purpose.
We explicitly mention this in our supporter T&Cs and you can be sure that you have the relevant consent to hold this data.
Where can I get help to understand my organisation’s or cause’s responsibilities on GDPR?
Each organisation will need to review its own GDPR compliance. To help, here are some useful resources.
Information Commissioner’s Office
Fundraising Regulator GDPR briefing introduction
https://www.fundraisingregulator.org.uk/more-from-us/resources/gdpr-briefing-introduction
Institute of Fundraising guidance on GDPR
https://ciof.org.uk/events-and-training/resources/gdpr-the-essentials
Fundraising Regulator guidance on marketing consent
I am only an individual or a small cause and we do not have the resources to comply with our GDPR obligations with respect to personal data. What can I/we do?
As a cause admin, the limited amount of personal data you have access to about your supporters in the easyfundraising platform is fully GDPR compliant. If you only use easyfundraising you can be confident that easyfundraising has collected the correct permissions on your behalf.
If you take any personal data out of the easyfundraising platform, or otherwise hold personal data not sourced from easyfundraising, you should ensure that you are able to meet your GDPR obligations.
If necessary you should consider taking professional advice.
ABOUT GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) replaces the Data Protection Directive and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy. It will become effective on May 25, 2018.
Two of the key aims are to ensure that EU citizens’ rights are strengthened and, at the same time, to make sure the law is consistently applied across the EU. It is not just for organisations from the EU; it applies to all businesses that have customers in the EU.
Who does GDPR apply to?
The GDPR applies not only to organisations or individuals who process data in the EU, but also to any organisation or individual that offers goods or services to, or monitors the behavior of, people inside the EU. GDPR applies even if the processing takes place outside of the EU.
What data does it apply to?
The GDPR applies to personal data, that is, information that could directly or indirectly identify an individual. This includes information such as names, addresses, phone numbers and dates of birth, as well as IP addresses, cookie identifiers, device information, advertising identifiers, financial information, geo-location information, social media information, consumer preferences, and more.
What is a data controller?
A controller determines the purposes and means of processing personal data. You must ensure that organisations or people processing data on your behalf comply with GDPR.