the charities property association the impact of the gdpr
play

The Charities Property Association The impact of the GDPR - PowerPoint PPT Presentation

Dec 12, 2023 •422 likes •679 views

The Charities Property Association The impact of the GDPR (including its affect on your direct marketing and fundraising activities) Mark Harvey, Consultant Jonathan McDonald, Senior Associate charlesrussellspeechlys.com Introduction 2

  1. The Charities’ Property Association The impact of the GDPR (including its affect on your direct marketing and fundraising activities) Mark Harvey, Consultant Jonathan McDonald, Senior Associate charlesrussellspeechlys.com

  2. Introduction 2

  3. What we’ll cover • The data protection regulatory landscape • Main changes under the GDPR • Changes relating to direct marketing and fundraising • GDPR compliance strategy 3

  4. What will the regulatory landscape look like? • GDPR – 25 May 2018 • E-Privacy Regulation (repealing the E-Privacy Directive) – planned date for implementation still 25 May 2018 • Data Protection Bill (Queen’s speech) – the GDPR renamed?

  5. What regulatory guidance has been published? • Article 29 WP: • Guidelines on data portability • Guidelines on data protection officers • Guidelines on identifying a controller or processor’s lead supervisory authority • Draft guidelines on Data Protection Impact Assessments • ICO: • Preparing for the GDPR: 12 steps to take now • Overview of the GDPR • Privacy notices code of practice (short section on GDPR) • Draft consent guidance for public consultation

  6. The main changes under the GDPR • Extra-territorial applicability (and the one-stop shop) • Breach notification • Data Protection Officers • Sanctions for non-compliance • Accountability • Appointing a data processor • Impact on direct marketing and fundraising

  7. Accountability “ Arguably the biggest change is around accountability. The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation” Elizabeth Denham, Jan 2017 • A specific obligation on data controllers (although also impacts data processors) • Practical implications: • Data protection by design and default • Record keeping • Data Protection Impact Assessments

  8. Appointing a data processor… Issues to consider: • Due diligence of processors • Specific processing terms set out in the GDPR need to be incorporated in any written agreements between data controllers and data processors • Negotiating processor agreements when the stakes are raised Practical implications: • Review of template standard terms • Review of pre-2018 contracts • Dealing with third party ‘GDPR-ready’ patches

  9. Impact on direct marketing and fundraising • No GDPR definition of direct marketing • DPA definition still workable (and very broad): “the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals”. • Covers the promotion of aims and ideals as well as the sale of products and services, i.e. includes not-for-profit organisations (eg charities). • Fundraising - specific requirements in the new Charities (Protection and Social Investment) Act 2016. 9

  10. Fundraising and the bigger picture Currently methods of fundraising highlighted in the media and with the general public – intensified scrutiny. Concerns to raise standards in fundraising. Specific requirements in the new Charities (Protection and Social Investment) Act 2016. A number of new provisions relating specifically to: • Information provided in agreements as part of some charities’ annual reports • Reserve powers to introduce statutory regulation 10

  11. Fundraising (contd.) The new Act requires that fundraising agreements now include the following clauses: • Details of any voluntary fundraising scheme or standard that the commercial organisation undertakes to be bound by • Details of how the commercial organisation will protect vulnerable people and others from unreasonable intrusion on a person’s privacy, unreasonably persistent fundraising and undue pressure to donate • Details of arrangements enabling the charity to monitor compliance with the requirements in the agreement 11

  12. Grounds for direct marketing Article 6 [of the GDPR] Lawfulness of processing 1. Processing shall be lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; […] (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. 12

  13. Legitimate interest • “…what changes with GDPR is a shift in focus. The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks . It’s about moving away from seeing the law as a box ticking exercise , and instead pushes you to build a culture of privacy that pervades your entire organisation.” Elizabeth Denham's speech at the DMA Annual Conference 24 February 2017 • Conduct the balancing test (and document it) • Article 29 Working Party ‘ Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC ’ 13

  14. Consent 14

  15. Consent, the Fundraising Regulator and the Charity Code Fundraising regulator acquired “code of conduct” from Institute of Fundraising. Consultation on change to Code of Fundraising practice. This consultation has dealt with “current and pressing issues and concerns” in the following areas: a) Charity trustees duties to oversee the fundraising activities of their charity b) The fundraising ask c) Solicitation statements d) Raising concerns about fundraising practice (whistleblowing) e) People in vulnerable circumstances f) The delivery of charity collection bags g) How charities oversee their contracts with third party fundraisers Has impact on use of data and how relates to owners 15

  16. Fundraising Preference Service This will enable individuals to select charities they no longer wish to receive communications from. Intention for this to come into operation in spring or early summer 2017. Fundraising Regulator guidance document issued entitled “Personal Information and Fundraising Consent, Purpose and Transparency”. Recommended only communicating with individuals who have “opted in”. Communications should include a mechanism to withdraw consent easily at any time. Data should be obtained “fairly and lawfully”. 16

  17. Electronic marketing • “Any form of advertising, whether written or oral, sent to one or more identified or identifiable end-users of electronic communications services, including the use of automated calling and communication systems with or without human interaction, electronic mail , SMS, etc.” • New draft e-Privacy Regulation (also May 2018?) • GDPR-consent are your only grounds (Art 16(1)) • The ‘soft opt-in’ remains “in the context of the sale of a product or a service” (Art 16(2)) 17

  18. Communication Making sense of it all… - Wider GDPR processing will apply if personal data Communication processed - Awareness of recipients circumstances 18

  19. Direct marketing Communication Making sense of it all… - Wider GDPR communication - processing will apply if Communication + - Consent or legitimate personal data Communication interest processed - - Always include opt-out Awareness of recipients Direct marketing - The fundraising ask circumstances communication 19

  20. Electronic Direct Direct marketing Making sense of it all… communication marketing - Communication + communication - - Direct marketing rules + Consent or legitimate Communication - interest Consent only (no legit - interests) Always include opt-out Direct marketing - - The fundraising ask Rules for SMS, Auto-tel calls and tell calls communication - Particularly, fundraising preference service Electronic direct marketing communication Email SMS Auto- tel call Tel Call 20

  21. Electronic Direct Soft Opt-in Making sense of it all… - Electronic direct marketing marketing rules for communication - Direct marketing rules + email + Communication - - Consent only (no legit Where a commercial communication – interests) Direct marketing - - Soft opt-in allowed for Rules for SMS, Auto-tel previous customers calls and tell calls communication - Particularly, fundraising (commercial arm?) preference service Electronic direct marketing communication Email SMS Soft opt- Auto- in tel call Tel Call 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Charities Property Fund www.cpfund.co.uk savillsim.com Economic Overview UK property

The Charities Property Fund www.cpfund.co.uk savillsim.com Economic Overview UK property

The Charities Property Fund www.cpfund.co.uk savillsim.com Economic Overview UK property valuation remains attractive relative to other classes Property yield spread over 10-year UK government bonds 12 July 2016: 5.4% spread 11 10 9 8 7

600 views • 48 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
GDPR Impact on Data Collection Practices New project kick off in Optimizing the Use of Data

GDPR Impact on Data Collection Practices New project kick off in Optimizing the Use of Data

GDPR Impact on Data Collection Practices New project kick off in Optimizing the Use of Data Standards working group Sara Pauwels 29NOV2017 GDPR Impact on Data Collection Practices Changing regulatory environment in EU with the

232 views • 5 slides
POP-UP SHOPS Charity Retail Association Property Group 22nd May 2019 POP-UP SHOPS 1. Anything

POP-UP SHOPS Charity Retail Association Property Group 22nd May 2019 POP-UP SHOPS 1. Anything

POP-UP SHOPS Charity Retail Association Property Group 22nd May 2019 POP-UP SHOPS 1. Anything in this for charities? 2. What are they? 3. History 4. Current market 5. Who are the brokers? 6. Who are the tenants? 7. Top end Pop-Up shops

434 views • 27 slides
Analyzing the Impact of GDPR on Storage Systems Aashaka Shah, Vinay Banakar, Supreeth Shastri

Analyzing the Impact of GDPR on Storage Systems Aashaka Shah, Vinay Banakar, Supreeth Shastri

Analyzing the Impact of GDPR on Storage Systems Aashaka Shah, Vinay Banakar, Supreeth Shastri Melissa Wasserman and Vijay Chidambaram General Data Protection Regulation (GDPR) May 25, 2018 Fundamental right Adopted after 2 years of public debate.

168 views • 16 slides
ICANN61, ccNSO Members Meeting, 14 March 2018 Legal Session: impact of GDPR on ccTLD registries 2

ICANN61, ccNSO Members Meeting, 14 March 2018 Legal Session: impact of GDPR on ccTLD registries 2

ICANN61, ccNSO Members Meeting, 14 March 2018 Legal Session: impact of GDPR on ccTLD registries 2 General overview GDPR entry in force: 25 May 2018 Impact goes far beyond EU! Organisations outside EU/EEA but with offer for EU

490 views • 14 slides
Voluntary sector Property and space needs Ruth Thompson Ethical Property Foundation Who are

Voluntary sector Property and space needs Ruth Thompson Ethical Property Foundation Who are

Voluntary sector Property and space needs Ruth Thompson Ethical Property Foundation Who are we? Nationwide property advice for charities and community groups - providing free and paid for solutions Input via in-house property

184 views • 14 slides
GDPR: The projected legal impact 26 June 2017 Jonathan McDonald, Senior Associate

GDPR: The projected legal impact 26 June 2017 Jonathan McDonald, Senior Associate

GDPR: The projected legal impact 26 June 2017 Jonathan McDonald, Senior Associate charlesrussellspeechlys.com What will the regulatory landscape look like? GDPR 25 May 2018 E-Privacy Regulation (repealing the E-Privacy Directive)

391 views • 10 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
presentation Brendon Ward Charities Services The Charities Sector - Scale Size of the charities

presentation Brendon Ward Charities Services The Charities Sector - Scale Size of the charities

General Managers presentation Brendon Ward Charities Services The Charities Sector - Scale Size of the charities sector Total registered charities 26,891 Total asset base $40 billion Total gross income $14.7 billion Government Grants

610 views • 23 slides
Raising Awareness of the General Data Protection Regulations (GDPR) Workshop aims are to:

Raising Awareness of the General Data Protection Regulations (GDPR) Workshop aims are to:

Raising Awareness of the General Data Protection Regulations (GDPR) Workshop aims are to: Provide an introduction to the GDPR Explore how the GDPR will impact on Early Years settings Highlight resources available to support Early

477 views • 45 slides
General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by

General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by

General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by Accredited by Powered by with General Data Protection Regulation (GDPR) Why? Supports a single digital market place Protect privacy

413 views • 22 slides
privacy regulations impact Australia What to consider as an Australian researcher. JACINTA

privacy regulations impact Australia What to consider as an Australian researcher. JACINTA

Tough European Union (EU) privacy regulations impact Australia What to consider as an Australian researcher. JACINTA OPIE 12 th August 2019 Overview Non GDPR Compliance Our Experience Core Principles TrueNTH GDPR Global Registry

452 views • 16 slides
The Controlled Drugs The Controlled Drugs (Supervision of Management and Use) (Supervision of

The Controlled Drugs The Controlled Drugs (Supervision of Management and Use) (Supervision of

The Controlled Drugs The Controlled Drugs (Supervision of Management and Use) (Supervision of Management and Use) Regulations (Northern Ireland) 2009 Regulations (Northern Ireland) 2009

970 views • 41 slides
SINGLE TOUCH PAYROLL Preparing for Single Touch Payroll Contents Whats changing Progress

SINGLE TOUCH PAYROLL Preparing for Single Touch Payroll Contents Whats changing Progress

SINGLE TOUCH PAYROLL Preparing for Single Touch Payroll Contents Whats changing Progress update How will your report be sent to the ATO Authorisations/Declarations How to Authenticate and Send UNCLASSIFIED Single

341 views • 19 slides
Identity Changes IETF 89, London, RTCWEB Martin Thomson Issue 1: Username API has three

Identity Changes IETF 89, London, RTCWEB Martin Thomson Issue 1: Username API has three

draft-ietf-rtcweb-security-arch Identity Changes IETF 89, London, RTCWEB Martin Thomson Issue 1: Username API has three options to setIdentityProvider: IdP name, IdP protocol, and user name (hint) Proposal: add username to

425 views • 9 slides
Security of Deep Learning Nicolas Papernot ~ ngp5056@cse.psu.edu PSU CSE - Dr. Patrick

Security of Deep Learning Nicolas Papernot ~ ngp5056@cse.psu.edu PSU CSE - Dr. Patrick

All parts of this talk should not be further distributed without first contacting the author Security of Deep Learning Nicolas Papernot ~ ngp5056@cse.psu.edu PSU CSE - Dr. Patrick McDaniels lab 1 All parts of this talk should not be further

752 views • 35 slides
Aviation Demand Forecasts Probabilistic Forecast Peer Review Key Issues and

Aviation Demand Forecasts Probabilistic Forecast Peer Review Key Issues and

Aviation Demand Forecasts Probabilistic Forecast Peer Review Key Issues and Trends Sensitivity Analysis Ongoing monitoring 1 2 3 4 5

602 views • 5 slides
Ru Rule les: s: BE BEPS PS Ac Actio ion 12 12 OUTLINE Purpose 3 Key Outputs

Ru Rule les: s: BE BEPS PS Ac Actio ion 12 12 OUTLINE Purpose 3 Key Outputs

Prof. Dr. Ana Paula Dourado University of Lisbon Mand andat atory ory Di Disc sclos losure ure Ru Rule les: s: BE BEPS PS Ac Actio ion 12 12 OUTLINE Purpose 3 Key Outputs Modular Design Meaning of Aggressive Tax

394 views • 23 slides
Technical Assistance Session Community Aw ard Program June 16 th , 2020 4:00-5:00pm Connecting

Technical Assistance Session Community Aw ard Program June 16 th , 2020 4:00-5:00pm Connecting

Technical Assistance Session Community Aw ard Program June 16 th , 2020 4:00-5:00pm Connecting w ith a Partner Partner form What kind of partner are you seeking? Faculty, Undergraduate Student, Graduate Student Do you have a

327 views • 5 slides
Algorithms for NLP CS 11-711 Fall 2020 Lecture 8: Viterbi, discriminative sequence labeling,

Algorithms for NLP CS 11-711 Fall 2020 Lecture 8: Viterbi, discriminative sequence labeling,

Algorithms for NLP CS 11-711 Fall 2020 Lecture 8: Viterbi, discriminative sequence labeling, NER Emma Strubell Announcements Project 1 is due tomorrow! You may submit up to 3 days late (out of a budget of 5 total for the semester).

890 views • 88 slides

More recommend