When the General Data Protection Regulation (GDPR) was officially implemented in May 2018, many organizations and associations were not fully prepared for the fundamental changes in the management of personal consumer information it heralded. While the regulation is initially set to encompass 31 countries from the European Economic Area (EEA), it is only a matter of time before other regions across the world start implementing it to harmonize the collection and storage of Personally Identifiable Information (PII).
Essentially, GDPR serves as a reminder for all associations – whether their customers are located in the EEA or outside it – that they need to start devising ways to build long-term member trust. They must reassure their members that their data is secure. They need to convince their members that their confidential information belongs only to them, and that the associations have put data hygiene mechanisms in place. Under GDPR, members of associations can now access the personal data an association stores about them from anywhere, correct incomplete data, request its deletion, and also forbid the association from using this data.
Key GDPR concerns for associations
For associations and nonprofit bodies, this poses an interesting challenge. As the processing of any member data now requires explicit opt-in consent, traditional sales and marketing activities that associations have performed are now rendered obsolete. For instance, associations need to be very careful about the information they ask members to fill in on website forms. Potential members from the EEA could be among such visitors, and if the association does not take adequate care to protect this data, it could find itself facing massive non-compliance fines. Previous practices such as purchasing email lists or getting members to refer new members may also need to be revisited.
Associations also need to define the specific categories under which each piece of member information falls. Basic data such as name, photo, email address, IP address and more, which were previously considered easily obtainable and transferable, are now covered under the scope of GDPR. Hence, associations must now store and transfer this data in an organized and accurate manner. Moreover, GDPR compliance for associations now runs across all organization levels – from senior management to team leaders and their staff – and this presents associations with a critical challenge to overcome.
While this may lead to some changes in the way employees review existing business processes and applications, GDPR will require a more comprehensive shift in the mentality of association staff when they are communicating with members. If they have to send members a newsletter about recent activities or industry updates, they will need to check for clear opt-in. If they collect information that is relevant for annual meetings, then they will have to explicitly state that such information will only be used for the purpose of such meetings. In effect, associations will have to initiate fundamental changes in how they expand their membership and run programs.
It is no longer enough for associations to assume that since their members agreed to a certain action, they are compliant with other activities as well. The simple rule associations should remember is this – if a member did not request it, they must not provide it.
The road ahead for GDPR compliance
The very first step associations must undertake is to conduct an in-house risk analysis to see where the gaps lie with regard to data collection and management. Many associations use multiple software systems and technologies, so they now face the formidable task of aligning these tools under the GDPR directive and consolidating all the member information they possess. They need to start by asking the following key questions:
In some cases, associations may have to revamp their privacy policies and notices to ensure GDPR compliance. For this purpose, data analytics can be a savior for them by providing unique insights into member consent, preferences and interests – all from a centralized and consolidated dashboard. Associations have to quickly sort through a lot of data now, and effectively doing so can enable them to devise successful and highly targeted marketing campaigns.
In other instances, associations will need to revisit their vendor contracts and member agreements as well, to carefully study the language used therein. They will need to insert new clauses to ensure all member data is stored and managed in a manner that is compliant with GDPR. They will also have to contain data breaches as per relevant mitigation mechanisms and best practices, in the event they do occur.
Associations worldwide now must realize that GDPR and data privacy compliance is an ongoing activity that has only just begun. Individual data rights are sure to see further adaptations as time goes by, and GDPR merely represents the first stage of questioning the nature and source of personal member information. Associations should, hence, look at developing policies of ‘Privacy by Design’ to provide data security at every stage, and not as an afterthought. This will help them boost member trust and loyalty, and achieve their long-term membership objectives.