Most privacy and data protection legislation defines personal data as any information, or combination of information, that can identify an individual. Great. Super clear, right? Let’s think about it this way. You can have different pieces of personal data, such as a donor’s first name and mailing address. The first name on its own is likely not personal data because there are thousands of people named Mateo, for example. However, if you combine it with their address, which identifies where they live, it is more likely to be considered personal data or personally identifiable information (PII), because then you could identify a specific Mateo.
What are areas where my non-profit may be processing personal data?
Nonprofits rely upon relationships with their donors. So your use of mailing lists, donor outreach correspondence, social media, and donation tools on a regular basis are all areas that can process personal data.
What are some things I can do right now to start protecting personal data that my organization processes?
First, make sure you’re following basic security best practices for your domain name registrations, websites, social media accounts, etc. You can find some good tips to get started in the resources linked from this post.
What is consent?
While the specifics of “consent” can vary from regulation to regulation (so be sure to check regulations that may apply to you), in general it means you have notified an individual what data you are collecting and for what purpose and that they have actively given you their permission to do so. An active grant of permission usually means that an individual has affirmatively checked a box or made a similar declaration. Fundamentally, consent should be active, clear, and revocable.
Pro tips: Make sure you record each consent (who, what purpose, when, and how it was given) and have a way to stop processing that individual’s data (e.g., removing them from mailing lists) should they revoke their consent. Also, make sure you enable the ‘unsubscribe’ feature on your email platform and keep your email lists up to date.
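The record-and-revoke approach above, as an added example that is not from the original post: a small consent ledger that stores evidence for each grant, rejects anything that is not an affirmative act, and drops revoked contacts from a mailing run. All names, purposes and addresses here are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class ConsentRecord:
    purpose: str                       # what the data is used for, e.g. "newsletter"
    granted_at: datetime
    evidence: str                      # how consent was given, e.g. "checkbox on donation form"
    revoked_at: Optional[datetime] = None


class ConsentLedger:
    """Per-contact consent history (constructed example, not a real product)."""

    def __init__(self) -> None:
        self._records: Dict[str, List[ConsentRecord]] = {}

    def grant(self, email: str, purpose: str, evidence: str,
              when: Optional[datetime] = None) -> None:
        # Consent must be active: a pre-ticked box or missing evidence is not a grant.
        if not evidence or "pre-ticked" in evidence.lower():
            raise ValueError("consent must be an affirmative act with recorded evidence")
        when = when or datetime.now(timezone.utc)
        self._records.setdefault(email, []).append(ConsentRecord(purpose, when, evidence))

    def revoke(self, email: str, purpose: str, when: Optional[datetime] = None) -> None:
        # Revocation is recorded, never deleted, so the history stays auditable.
        when = when or datetime.now(timezone.utc)
        for rec in self._records.get(email, []):
            if rec.purpose == purpose and rec.revoked_at is None:
                rec.revoked_at = when

    def has_consent(self, email: str, purpose: str) -> bool:
        return any(r.purpose == purpose and r.revoked_at is None
                   for r in self._records.get(email, []))

    def filter_recipients(self, recipients: List[str], purpose: str) -> List[str]:
        """Stop processing: keep only contacts with active consent for this purpose."""
        return [r for r in recipients if self.has_consent(r, purpose)]


if __name__ == "__main__":
    ledger = ConsentLedger()
    ledger.grant("ana@example.org", "newsletter", "checkbox on donation form")
    ledger.grant("mateo@example.org", "newsletter", "checkbox on event signup")
    ledger.revoke("mateo@example.org", "newsletter")
    print(ledger.filter_recipients(["ana@example.org", "mateo@example.org"], "newsletter"))
```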
What are some of the major privacy and data protection laws?
For a comprehensive list, take a look at some of the resources provided by the International Association of Privacy Professionals (IAPP).
Why is it important to comply with privacy and data protection regulations?
As a non-profit or mission-based organization, your relationship with your donors and supporters is paramount. Protecting the personal data they entrust to you from breach or misuse is foundational to keeping your supporters’ trust. In addition, many regulations carry significant monetary fines for violations that could divert resources from your mission, so those are best avoided.