GDPR (International): all articles
Below are the news articles filed under 'GDPR (International)'.
BBC program on large U.K. charities sharing data from their donors
BBC Radio 4 recently broadcast the story of an elderly lady who has been inundated with letters from charities, and who debates the issue with representatives of various fundraising bodies.
The radio programme (28 minutes) aired on 6 October 2017 and is available through this link.
90 year-old Barbara Smith loves donating to good causes, but has discovered some of the UK's biggest charities have bought and sold her name and address. It's meant she's been inundated with letters from charities she's never heard of.
In this programme Barbara, with the help of her Producer, Lydia Thomas, investigates which charities have traded in her personal details, uncovering a web of buying and selling, and asks the charities why they did it.
The charity sector has been under fire from the government about how it raises money. After the death of the poppy seller Olive Cooke, charities were criticised for harassing elderly and vulnerable people, calling people registered on a no calls list, and buying and selling donors' personal details in order to send them unsolicited letters.
Barbara discovers that women of her age are particularly lucrative for charities, and some charities have taken advantage of that generosity.
Smile Train, a charity that admits to sharing Barbara's data with other charities, explains to Barbara why they traded her name and address - a practice they have since stopped.
Barbara has donated to Oxfam every month for 30 years; Mark Goldring, the charity's Chief Executive, invites Barbara to Oxfam's offices to show her the work the charity does.
Barbara also finds out how the bad news stories about charities, including Oxfam, have forced the charity to think about how it fundraises.
Barbara interviews charity regulators who brought in new rules for charities: Paula Sussex from the Charity Commission, and Michael Grade, Chair of the Fundraising Regulator meet with Barbara.
Interviewees
- Michael Grade, Chair of the Fundraising Regulator
- Paula Sussex, former Chief Executive of the Charity Commission
- Mark Goldring, Chief Executive of Oxfam
- Susu Stinton, Trustee, Smile Train
- Mark Roy, Chairman ReAD Group
Comments from different charities
Civil Society has summarized the reactions of some of the charities that had been criticized in the radio program.
According to Civil Society, the British Red Cross says it has never sold supporters' personal details.
A Red Cross spokeswoman confirmed that “The British Red Cross has never sold the personal details of its supporters and stopped sharing them with other charities in May 2015”.
Susu Stinton, trustee of Smile Train, was interviewed by Mrs. Smith and said that, while the charity does not share supporters’ personal details anymore, “It was so widespread, I think you’d actually be harder pushed to find a charity which didn’t share data” between 2010 and 2015, when the practice was banned.
Marie Curie said: “As we said in the programme we have no record of Ms Smith's details. We no longer share data with other charities or third parties.”
Sources:
- BBC - Radio 4 (06-10-2017): 'Selling Barbara'
- Civil Society: 'Three charities criticized in BBC documentary over data swapping'
GDPR has profound consequences for fundraising
“New requirements around the processing of personal data need to be understood or charities risk damaging the reputation of the sector as a whole.”
The latest newsletter from the EFA (European Fundraisers Association) features an article on the impact of the General Data Protection Regulation (GDPR) on fundraising organisations across all countries of the European Union.
Below we list the main challenges that Jitty van Doodewaerd, compliance consultant for DMCC Netherlands, describes in more detail in the article:
- What data do you collect?
  If you can provide the same service or product without collecting certain personal data, you are not allowed to collect or store that data.
  This is the principle of data minimization.
- What records do you need to keep?
  GDPR obliges organisations to maintain a record of processing activities.
  Charities must set up a “privacy administration” comparable to their financial administration.
  A single customer view or central overview of all data processing activities is often not in place. However, starting May 2018 this is a requirement.
  And your data protection authority can ask for your records of processing activities.
- Who should take responsibility for your data?
  GDPR states that organisations that systematically monitor citizens are required to appoint a Data Protection Officer (DPO).
- How can you retain care and control when working with third parties?
  Accountability also means regularly checking your suppliers.
  First of all by entering into a data processor agreement. That is not just a paragraph in the sales level agreement or contract, but a full-fledged document detailing your data processing; the type(s) of data, data retention periods and security measures.
  Secondly, by actually monitoring the data processors.
- What do you need to tell supporters?
  GDPR still allows for data collection. But under the condition that citizens are comprehensively and understandably informed about your personal data collection and are offered a meaningful choice.
  It is not enough to provide this information with a hyperlink to the terms and conditions or the privacy statement. The information must be provided clearly where a consumer registers.
- When should you delete data?
  GDPR states that personal data can be kept no longer than necessary for its collection purposes.
  If someone receives your email newsletter and they opt out, it is not enough to deactivate their account.
  If the data is no longer needed, it should - at some point - be deleted or anonymised.
  Keeping personal data longer is permitted, if required by law.
The article reports on a recent survey conducted at the initiative of the European Fundraisers Association, which shows that a large majority of organisations active in fundraising have not yet begun the process of bringing the processing of their donors' personal data into compliance.
Source:
'CHARITIES UNPREPARED FOR EU DATA PROTECTION REGULATIONS (GDPR)' - Jitty van Doodewaerd, compliance consultant DMCC Netherlands - EFA Newsletter, 20 July 2017.
The next Fundraisers Forum workshop (Thursday 31 August) will include several presentations on this topic (link).
Privacy protection: opt-in takes priority in the United Kingdom
Eleven British charities in the crosshairs
March 2017 - No fewer than eleven British charities had been in the sights of the ICO (Information Commissioner’s Office) since December 2016 over various breaches of privacy legislation. The final ruling was due to be delivered by early April at the latest.
This context has naturally influenced the thinking of the various bodies tasked with rethinking the set of privacy provisions as they apply specifically to donor data.
Favouring opt-in, ahead of the forthcoming European directive?
A conference jointly organised last February by the Fundraising Regulator, the ICO and the Charity Commission clarified the new provisions being recommended for privacy protection.
Accordingly, the report recently published by the Fundraising Regulator under the title ‘Fundraising: Consent, Purpose and Transparency’ contains several radically new proposals.
It recommends that charities ensure that, even before the European ‘General Data Protection Regulation’ comes into force in May 2018, they systematically seek formal ‘opt-in’ consent from donors to whom various communications would still be sent in future.
The Fundraising Regulator also wants a simple mechanism that allows any donor to suspend their ‘opt-in’ authorisation.
Fundraising Magazine (March 2017), published by Civil Society, reports on the results achieved by two major British charities – Cancer Research UK and the RNLI (Royal National Lifeboat Association) – which now systematically ask their donors to specify their ‘opt-in’ and ‘opt-out’ preferences for emails, text messages, postal mail and telephone calls.
The same magazine publishes a feature entitled ‘Trust Matters’, which summarises the results of a survey of various commercial agencies on the measures likely to restore British donors' trust in charities active in fundraising.