We’re all so focused on becoming compliant, it’s easy to overlook the permanent shift in our ways of working that we’ll have to live and breathe every single day.
Let’s assume you’ve done excellent GDPR preparation, you understand the grounds for communication, reconsented a large proportion of your base, and are feeling confident on 25th May 2018. A month later you receive your first complaint via the ICO, a gripe about a thank you letter being mailed rather being emailed like usual. The burden of proof is on your organisation… How do you respond to this? Will the supporter’s comms history tell you that the legal basis for their communication was ‘a contract with an individual’? Will their record also tell you that the supporter’s email consent wasn’t GDPR-compliant and he didn’t respond to your consent ask, so it expired on 25th May? If the complaint had come into your Supporter Services team rather than the ICO, would they have been able to piece all of this data together and explain in a way the supporter understands? And when you respond, will you have a legacy policy of suppressing temporarily, or will you give them the option to reconsent then & there?
Being compliant isn’t an end in itself; we must make sure the entire organisation is set up to deliver genuinely relevant engagement. We must prepare ourselves for an ongoing cycle regular reconsenting, or mitigate this by becoming better at demonstrating engagement across all channels to prove that existing consents remain valid. Make sure that everyone who communicates with supporters is aware of the promises you’ve made, and the power that is being handed to supporters on 25th May 2018. Your right to communicate with an individual will live and die by every communication, and can be withdrawn in an instant. Every communication should be scrutinised… would the supporter expect to receive it? And more importantly – would they want to receive it? GDPR goes so far beyond reconsenting your supporters, and we all need to adjust to it as soon as possible.