You’ve probably heard of the General Data Protection Regulation (or GDPR). After all, it’s been all over the news for months. And while it may seem like a complicated process, we’re here to break it down to help you understand what it means for your organization. We’ll guide you through how to create GDPR compliant donation forms. The changes you need to make are much simpler than you’d expect!
So, what exactly is the GDPR?
The GDPR is a new set of laws that provides guidelines for the collection and processing of the personal information of citizens of the European Union (EU).
If your organization is based in the EU, or if you process the personal data of individuals in the EU, the GDPR affects you. There are some key points to know regarding the GDPR:
- Consent: Donors must freely give consent for the gathering and processing of their data and reserve the right to withdraw their consent at any time.
- Right to access: Donors have the right to access any personal information that has been collected from them. They can ask for confirmation of whether personal data concerning them is being processed, as well as where and for what reason, and they can be provided with a copy of that data.
- Right to be forgotten: Donors can request that their personal information be erased.
Donorbox has added new GDPR-friendly forms to help you be compliant, which include checkboxes for opt-in consent. These include the option for an editable section to add your privacy policy and your terms and conditions, as well as the option to gather consent from your donors to subscribe to your mailing list.
What information do I need to include in my privacy policy?
In the updated Donorbox forms, you’ll notice that there is the option to ask your donors for consent to agree to the GDPR terms. This is where you can enter custom links to your privacy policy and terms and conditions. If you already have a privacy policy, you will probably have to make a few changes to it so that it can meet the GDPR’s standards. Your new or updated policy should be written in layman’s terms, and it should make clear that your donors have the right to:
- Request access to their personal information
- Know whether or not their data is being processed
- Know where their data is being processed
- Know why it is being processed
- Have a copy of their data provided to them free-of-charge
- Request that their data be erased
How to enable the GDPR terms agreement on your donation form
In order to be GDPR-compliant, you must ask your donors to agree to your privacy policy and terms and conditions. You can do this in the email tab of your campaign editor by enabling the toggle that asks them to agree to GDPR terms.
Highlight the hyperlinked words Privacy Policy and/or Terms of Service to edit the links so that they point to your own policies and terms.
Why do I need to ask for consent from my donors to subscribe to my mailing list?
The GDPR has a direct impact on marketing practices, including email marketing. There is now a higher standard set in place regarding consent for EU-based subscribers. If you are going to process the data of EU citizens, these new regulations state that personal data must be “freely given, specific, informed, and unambiguous.”
Therefore, along with requiring consent from your donors to agree to your privacy policy, you must also ask for consent from your donors to subscribe to your mailing list.
How to enable the email subscription button
There is a toggle in the email tab for the new donation form that allows you to ask your donors to subscribe to your mailing list. Be specific about what sorts of emails you will be sending them. For example, if you are sending your donors updates on your nonprofit, you can write something like “subscribe to our mailing list to receive updates from us. You can unsubscribe at any time.”
In order to be compliant with the GDPR, your donors must be able to opt out of receiving your emails just as easily as they opted in. Additionally, to remain compliant, this option cannot be checked by default.
After enabling subscription consent and asking your donors to agree to your privacy policy and/or terms and conditions, save your form to make it GDPR-compliant.
And that’s it! Your new donation forms are now GDPR-compliant.