Data Protection and CRM

Presentation on theme: "Data Protection and CRM"— Presentation transcript:

1 Data Protection and CRM
Graham Hewitt, The Access Group

2 About me Working with NFP CRM since 2004
I am a non-technical user (no hablo SQL) I am not a Data Protection or legal advisor (but I know a couple) Starting with Introductions …

3 20 years experience in NFP
About Access Group. 1,200+ charities, educational establishments, visitor attractions and membership associations use Access. 20 years experience in NFP. “Access thankQ CRM is the single most important communication tool at our disposal and is fundamental to everything we do.” Access is a UK software business with around 1,000 staff and heading towards £100m turnover. The NFP sector is significant to us, so we have a division dedicated to the supply of NFP systems. We have over 1200 UK NFP clients. 10,000 NFP professionals use Access to manage CRM, finance, HR, payroll, business intelligence, membership and fundraising. Over 95% of customers choose to renew their relationship with us every year. Around 400 thankQ CRM clients. 67 new Access thankQ CRM customers last year. Many staff with between 10 and 20 years delivering thankQ.

4 CRM & other systems CRM Skills & qualifications Rostering Service delivery Events Membership Fundraising Cashbook Purchase ledger Sales Social media Mobile Budgeting Costing Assets P&L Analytics Employee Volunteer Customer Letters Contracts Stakeholder reports Plans Committees Recruitment Policies Appraisals & absence Process automation Real time information HMRC accredited SIGs Grants I am going to speak about CRM today, but you hold data in a number of other systems. Data Protection is going to impact those as well.

5 About you Introductions

6 Your role Digital & Content
Campaign Manager for Fundraising or Membership Something else By show of hands … what is your role within your organisation

7 Your day to day objectives
What do you consider your primary aim with social media and campaigns? Measure Responses to Calls to Action? MORE WORK ON Middle Line – build & colour Encourage Stimulate Engagement Monitor Activity

8 Your day to day tools Which CRM does your organisation use?
These are common brands of CRM in NFP. By show of hands, who uses …?

9 Your day to day tools Which CRM does your organisation use?
There are a few others … Any used that I haven’t mentioned?

10 Your understanding Implications of GDPR and FPS on your CRM
I would like to gauge the extent of your knowledge and understanding when it comes to GDPR, and how you may need to change what you record and how you process data in your CRM and what passes through Engaging Networks.

11 Personal sensitive information
The point of CRM is to touch a wide range of organisation data … and there lies the challenge. Lots of data held. Lots of points of entry

12 Personal sensitive information
What do you record and why do you record it? DOB or Age? Biography – Nationality / Sexuality (Equal Opps) Risk by Association: Animal Rights, Politics, Religion, Conservation, Medical Demographic data

13 Personal Information
The point of CRM is to touch a wide range of organisation data … and there lies the challenge. Lots of data held. Lots of points of entry.
Diagram labels: developer events SMS API EPOS & Ticketing committees telethon advice barcode retail links mobile feedback sponsorship JustGiving API volunteers web integration alumni bulk API link to accounts VIPs trading grants AUDDIS / SEPA CRM membership fundraising data tools finance

14 Personal Information
Personal data could be held in these areas. Could include Casework? Client beneficiary data? Bank details, Age, etc.

15 Personal Information
What other connected systems need consideration? HR? Website (local data)? Online shop? Etc.

16 GDPR General Data Protection Regulation Comes into force 25 May 2018
GDPR: link Let’s start with the basics

17 3 pillars of the GDPR legal framework
Purpose, Lawfulness, Fairness and Transparency
The current law, and the GDPR, contain three core pillars that underpin fundraising and direct marketing.
Purpose: There needs to be clarity on what you are using the information for.
Lawfulness: It should be clear whether you need, and have obtained, the consent of the individual to use their personal information in a particular way – or you can claim ‘legitimate interest’ instead.
Fairness and transparency: When you collected personal information, it was clear how it would be used and how it would be processed – by both your organisation and any third parties that you choose to deal with.

18 3 pillars of the GDPR legal framework
Purpose: There needs to be clarity on what you are using the information for.

19 3 pillars of the GDPR legal framework
Lawfulness: It should be clear whether you need, and have obtained, the consent of the individual to use their personal information in a particular way – or you can claim ‘legitimate interest’ instead.

20 3 pillars of the GDPR legal framework
Fairness and transparency: When you collected personal information, it was clear how it would be used and how it would be processed – by both your organisation and any third parties that you choose to deal with.

21 GDPR – why comply? Avoid financial penalties Reputation management
Effective use of data Picture: marble columns at supreme court

22 Fundraising Regulator Guidance
Fundraising & Regulatory Compliance Conference, 21 February 2017 Videos: link Document: link

23 Fundraising Regulator Guidance
“Charities should also assess what impact their approach to Direct Marketing will have on any existing data management systems (for example, Customer Relationship Management (CRM) systems; databases) in order that these systems support the delivery of the agreed approach.”

24 ICO Guidance GDPR consent draft guidance Published 2 March 2017
Document: link Consultation closes on 31 March 2017

25 Impact on CRM Consent management Removal of obsolete data Data sources
Managing compliance

26 Consent

27 Consent – a timeline Do Not Mail Y/N 1992 Scroll sideways??
Worst case: Do Not Mail ONLY. What controls of suppressions (for deceased and gone away)? Improvements led to Preferences … Opt OUT

28 Consent – a timeline Method: Do Not Mail; Do Not Contact
2004 Method: Do Not Mail; Do Not Phone; Do Not; Do Not SMS; Do Not Contact. Reason: Incorrect Address; Deceased; Lapsed Membership

29 Evolution of Preferences
2006 Campaigns; Events; Volunteering; Newsletter; Lottery/Raffle. Suitability and Preferences - Personalisation of content

30 Evolution of Preferences
2006 Campaigns; Events; Volunteering; Newsletter; Lottery/Raffle. Gala Dinners, Race Nights, Golf Days, Running, Cycling, Marathons, Triathlons, Fun Runs, Colour Runs, Midnight walk. Suitability and Preferences - Personalisation of content

31 Evolution of Preferences
2006 Campaigns; Events; Volunteering; Newsletter; Lottery/Raffle. Gala Dinners, Race Nights, Golf Days, Running, Cycling, Marathons, Triathlons, Fun Runs, Colour Runs, Midnight walk. Suitability and Preferences - Personalisation of content

32 Evolution of Preferences
2006 Campaigns; Events; Volunteering; Newsletter; Lottery/Raffle. Newsletter, Staff News, Volunteer News, Medical Professionals, Service Users, Training & CPD, Member Interest Groups, Vacancy News. Suitability and Preferences - Personalisation of content

33 Purposes
Campaigns; Events; Volunteering; Newsletter; Lottery/Raffle. Suitability and Preferences - Personalisation of content

34 Christmas Raffle / Lottery
Purposes Campaigns General Appeals Events Disaster Appeals Gala Events Suitability and Preferences - Personalisation of content Legacy Challenge Events Patron / Friend Scheme Running Cycling Triathlon Fun Runs Retail News Christmas Raffle / Lottery

35 Take away action #1 Define your Purposes …
and the impact on Preferences Challenge Events Running Cycling Triathlon Fun Runs Volunteering Volunteer vacancies Volunteer newsletter

36 Consent Database recording Audit Purpose Preference Method
Refined Preferences – very granular. Good to be specific for audience. Now – Consent model?? Specific. User interface? Source Start Date Expiry Date Status

37 Take away action #2 Database recording Audit Purpose Preference Method
Refined Preferences – very granular. Good to be specific for audience. Now – Consent model?? Specific. User interface? Source Start Date Expiry Date Status: Granted, Declined

38 Access thankQ CRM Can remain in deck published after 7 March

39 Contact view of consent
Can remain in deck published after 7 March

40 Self Service Preference Centre

41 Engaging Networks Add Gmail – self service link

42 Engaging Networks

43 Engaging Networks

44 Engaging Networks

45 Take away action #3 Build a self service Preference Centre

46 Consent …[you] shall be able to demonstrate that [they] consented
1. What do ‘opt-in’ and ‘opt-out’ really mean?
Art 7 (1): …[you] shall be able to demonstrate that [they] consented
Art 7 (3): …the right to withdraw [their] consent at any time. [This] shall not affect the lawfulness of processing based on consent before its withdrawal.

47 Fundraising Preference Service
Can remain in deck published after 7 March

48 Data Protection and CRM
Graham Hewitt, The Access Group

49

50 Inbound data Data Entry points: Add New Contact Website sign up
Batch Import feedback and consent data Retail Purchases Peer to Peer Webshops EPOS (Gamma) Privacy Policy

51 Take away action #4 Consider all of the incoming data …
What is its Purpose? What is the Consent?

52 Take away action #5 Consider compliance reporting and audits
How much of this is applied by your system? Vulnerable to human error? How will you identify staff training issues – and non compliance? How can you demonstrate compliance?

53 Personally Identifiable Information

54 Pseudonymisation Archiving and Deleting expired data

55 Forensics Audit trails and Security controls? What happened?
Who had access? Who could take your data? Process in the event of a complaint? Still Notes

56 5 step plan
1. Review your approach to personal information
2. Review the privacy notices wherever you collect personal information
3. Review the quality of consent you currently hold
4. Review the functionality, and use, of your current CRM
5. Plan out your steps to GDPR-compliance

57 Data Protection and CRM
e:

58

