Only 5.4% of UK charities ‘ready for GDPR’: survey

Uncertainty around consent and data retention Articles still presents big worries for third sector.

Chloe Green | 27th Apr 18
Charities GDPR

Only a small proportion – 5.4% – of UK charities are ‘truly ready’ for General Data Protection Regulation (GDPR) effectuation on 25 May, warns a survey of more than 300 third sector organisations run this week during a webinar* from software and digital services provider Advanced.

During the webinar, attendees took a survey about the progress of their own GDPR planning. While 5.4% of respondents declared themselves to be ‘As ready as we can be’, the remainder reported being in stages of preparedness that ranged from ‘averagely ready’ to ‘still work to be done’.

More than half – 56.1 % – named ‘consent’ as the top priority for their GDPR preparation, with ‘uncertainty about interpretation of GDPR’ representing the biggest obstacle to progress (48%).

“The webinar attendees are undoubtedly committed and focused on achieving GDPR compliance,” said Mark Dewell, Managing Director/Commercial & Third Sector at Advanced. “Uncertainty around consent and data retention seem to be presenting the biggest worries for the third sector, with many concerned that their potential fundraising totals will be affected.”

Webinar attendees heard best practice guidance from some of the UK’s leading charities about their journey to GDPR compliance, including Muslim Charity: it suggested that getting data in one place by completing a rigorous data audit is key to enable charities to answer any questions about the data they hold.

Top tips from the RSPB and Woodland Trust focused around robust and engaging communications. The RSPB’s approach to consent has involved a continual and comprehensive programme across email and website channels in order to capture the relevant permissions. The Woodland Trust has focused its energies on consent message testing to identify the communications most likely to engage and drive action.

Data retention was another important point raised by both Muslim Charity and the RSPB. For Muslim Charity, an effective data retention policy which explains why data is being held, and for how long, is ‘critical’. Similarly, the RSPB has linked its data retention to finances to ensure its gift aid claims remain valid, and that its financial audit trail is available in line with accounting standards.

“Although progress has been made, there is still a way to go before many are GDPR ready,” Dewell added. “Even though we are now less than a month away before the legislation comes into force, so many charities joining our GDPR webinar [suggests] that there’s still an appetite for information and advice about this topic. This is worrying – and yet unsurprising, given we know that only just over 5% [of those surveyed] feel ready for the regulatory roll-out, despite the threat of significant fines for failure to comply.”

* CDN Jargonbust: a webinar is a seminar conducted over the Internet.