Nonprofit Digital Communications

last person joined: yesterday 

For those doing digital strategy work, including written or multimedia content for nonprofit websites, social media, and e-newsletters. This group is for those digital communications folks who create written or multimedia content for websites, social media, and e-newsletters for nonprofits. Members will discuss topics such as social media trends, digital analytics, developing content, storytelling, planning and resources, content strategy, and more.

Ready for GDPR? Post your questions or resources.

  • 1.  Ready for GDPR? Post your questions or resources.

    Posted May 22, 2018 00:29
    Edited by Joyce Bettencourt May 22, 2018 00:34
    Image of the Game of Thrones tv character the Night King raising his arms up with text atop it saying GDPR is Coming.

    The EU General Data Protection Regulation (GDPR) goes into effect this Friday, May 25, 2018. GDPR applies to not just organizations and companies within the EU - but anyone globally who holds or processes EU citizen personal data.

    This important topic is the focus of today's NTEN Town Hall at 10 AM (PT) hosted by Amy Sample Ward with John Mix of Human Rights Watch, Lynn Labieniec and Rosa Del Angel both of Beaconfire RED, who presented on GDPR at 18NTC. It has also been discussed on the NTEN community forums (links to some of those threads below) and came up during our #18NTC Digital Communications Connect session.

    To continue the discussion on GDPR and how it affects nonprofit digital communications and marketing, please post to this thread any questions, useful Information, or resources.

    A few other NTEN Community GDPR threads:

    The NTEN Data Community group will also be hosting an 18NTC Debrief/GDPR Prep call on Thursday, May 24, 2018, from 11:00 to 11:45 AM (PT). Find out more info and how to dial in at http://bit.ly/2rYBtQT


    ------------------------------
    Joyce Bettencourt
    Online Community & Content Consultant – Caravan Studios/TechSoup
    NTEN Online Organizer of the Digital Communications group
    studioh2o@gmail.com
    Skype: JoyceBettencourt
    https://about.me/JoyceBettencourt
    ------------------------------


  • 2.  RE: Ready for GDPR? Post your questions or resources.

    Posted May 25, 2018 13:44
    The GDPR news just keeps coming. Here is a link to an article on GDPR from the latest issue of Connect. It has a lot of helpful links at the end if you want a deeper dive:
    Is your organization ready for GDPR?

    ------------------------------
    Sarah Meyer Hughes
    Manager, Analytics and Innovation
    American Dental Association
    Chicago, IL
    Community Organizer, NTEN Digital Communications Group
    ------------------------------



  • 3.  RE: Ready for GDPR? Post your questions or resources.

    This message was posted by a user wishing to remain anonymous
    Posted May 30, 2018 10:49
    This post was removed


  • 4.  RE: Ready for GDPR? Post your questions or resources.

    Posted May 31, 2018 12:32
    Hi @Rashidah McCoy

    There's a discussion just starting on FB ​ad changes over on the Discuss group. "Facebook's new 'political ads' policy". I think your input would be useful on that string. This is the first I've heard of the issue as we've not been doing ads for a while, but I'm sure interested in following it.

    Kai

    ------------------------------
    Kai Williams
    Executive Director
    The IWRC
    Eugene, OR
    ------------------------------



  • 5.  RE: Ready for GDPR? Post your questions or resources.

    Posted Jun 04, 2018 17:22
    Edited by Erin Ellingwood Jun 04, 2018 17:22
    I have some questions about a different topic within the overall GDPR discussion: US-based nonprofits whose work is focused solely within the US (in our case, the state of Massachusetts) and whose fundraising efforts therefore seek to target US-based donors.

    I'm hoping we're not the only ones in this metaphorical boat!

    I work for Mass Audubon, an independent nonprofit whose mission is "to protect the nature of Massachusetts for people and for wildlife." We are not affiliated with National Audubon Society or any other national/international organization. All told, we have more than 500,000 constituents in our database of record (not all of them with complete profile information). Back in early May, our IT Director did a query of our entire database and found <50 records for users who are EU residents. (I think the exact number was closer to 37.)

    We're pretty sure that having so few records does not exempt us from GDPR. However, in this post from Beaconfire RED's blog, they point out that orgs who "do generic marketing that an EU citizen randomly happens to see (e.g., an online ad or a website they come across using a search engine) – so you're not deliberately targeting them…" are not affected by GDPR.

    So here are my questions:

    • Are we correct in thinking that our nonprofit is not exempt from GDPR?
    • Do we need to put up a banner/notice on our website that calls attention to our privacy and cookie policies?
    • How far does our responsibility extend in regards to third-party websites/services that our users sign up for accounts on and then link/affiliate their account to our organization? (e.g. we use a third-party platform called CampDoc so families can submit/manage camper health forms and waivers securely online, but CampDoc requires them to create a CampDoc account in order to use the service.)

    Any insight or information would be greatly appreciated!

    ------------------------------
    Erin Ellingwood
    Web & E-Communications Manager
    Mass Audubon
    Lincoln, MA
    ------------------------------



  • 6.  RE: Ready for GDPR? Post your questions or resources.

    Posted Jun 05, 2018 10:08
    1. Are we correct in thinking that our nonprofit is not exempt from GDPR?

      Correct. More precisely, GDPR defines the rights of individuals. Those rights create duties for those who process the data of individuals. You are not exempt from GPDR when you process the data of individuals who have those rights.

    2. Do we need to put up a banner/notice on our website that calls attention to our privacy and cookie policie

      While you're not under the GDPR umbrella if you're not targeting or profiling EU users, you are under the umbrella if you use the data you collect from your non-specific targeting. In other words, if you're showing untargeted ads, you don't trigger GDPR issues. But if people click on those ads and make a donation or sign up for email, you are back under GDPR.

      In general, you are required (not just by GDPR) to have and make available your privacy and cookie policies. GDPR has some additional specific requirements about what's in those policies and how they're to be written and presented. I'd take a risk-management approach here, because we don't really have certainty about how some of this will play out. If you don't target EU individuals, and you're not doing anything with the data that infringes on people's privacy (eg selling the data or sharing it w partner orgs), your overall position is strong, and your risk is low - the EU isn't coming after you, they're not looking to catch a local US charity who happens to have a few EU emails in its database. However, by the strictest letter of the law, it does appear that you would need to comply with GDPR for this issue as well. If you do systematically use data collected about EU folks, no matter how it's collected, you're in a much weaker position to argue that you don't need to comply w all the GDPR provisions.

    3. How far does our responsibility extend in regards to third-party websites/services that our users sign up for accounts on and then link/affiliate their account to our organization?

      Maximally. Under GDRP you're the Data Controller, and you're responsible for everybody with whom you share data, and anyone you derogate responsibility to. You can't disclaim any of that and you have an affirmative duty to ensure the GDPR compliance of your partners. You should, at a minimum, confirm that your partners are certified under the Privacy Shield. This is a complex issue because it goes to the restriction on moving EU data out of the EU envelope. In other words, you can't give EU individuals data to a company that isn't governed by EU law or privacy laws substantially equivalent to the GDPR. The US doesn't qualify, so giving data to partners who don't have the same privacy laws as you do is not permissible. The Privacy Shield is a way for companies to certify that they are GDPR-compliant, so that you can move data to them. If they aren't, you need to contract with them to provide for data privacy equivalent to GDPR. 

    My company offers GDPR compliance consulting, please reach out if you'd like more assistance - we're located in CT and do work with a few MA-based orgs.

    ------------------------------
    Isaac Shalev
    http://www.sage70.com
    Stamford CT
    @Sage70
    isaac@sage70.com
    ------------------------------



  • 7.  RE: Ready for GDPR? Post your questions or resources.

    Posted Jun 05, 2018 13:59
    I also wanted to share the series of GDPR resources I have been curating on Pinterest.

    You can view the boards at https://www.pinterest.com/avatarjoy/gdpr-eu-general-data-protection-regulation/

    Please let me know on this thread if you have other GDPR resources or sub-topics you would like to see.

    Thanks!

    ------------------------------
    Joyce Bettencourt
    Online Community & Content Consultant – Caravan Studios/TechSoup

    studioh2o@gmail.com
    Skype: JoyceBettencourt
    https://about.me/JoyceBettencourt
    ------------------------------



  • 8.  RE: Ready for GDPR? Post your questions or resources.

    Posted Jun 05, 2018 14:15

    You probably have this: https://www.searchenginejournal.com/what-is-gdpr/251087/?utm_source=daily-newsletter&utm_medium=daily-newsletter-post&utm_campaign=daily-newsletter-post

    What I liked best was an infographic I saw. I had a hard time convincing the Powers That Be that we needed to make an effort at compliance, and once we did, it is sufficient but not exceptional.

    I can't find that infographic any more, but I bet you have it!

    Take care! Happy Friday eve-eve-eve!

     






  • 9.  RE: Ready for GDPR? Post your questions or resources.

    Posted Jun 11, 2018 07:36
    Here's the link to the infographic!  NPO GDPR compliance:
    https://www.charitydigitalnews.co.uk/2018/05/10/a-last-minute-gdpr-checklist-for-charities-infographic/?utm_source=Technology%20Trust&utm_medium=email&utm_campaign=9558238_CDN%20Newsletter%2011%2F06&dm_i=O,5OV6M,RKJ08K,M59KW,1

    ------------------------------
    Tricia Maddrey Baker
    Social Media/Communications Manager
    Aplastic Anemia & MDS International Foundation
    Bethesda, MD
    ------------------------------



  • 10.  RE: Ready for GDPR? Post your questions or resources.

    Posted Jul 09, 2018 11:02

    We are a small to medium sized nonprofit and are looking for a consultant who can assist us in reformulating our privacy and cookies policies to be in compliance with GDPR. Any suggested names or firms would be appreciated.



    ------------------------------
    W Alston Roberts III
    Washington, DC
    ------------------------------



  • 11.  RE: Ready for GDPR? Post your questions or resources.

    Posted Jul 10, 2018 09:35
    My firm does this, please reach out directly!

    ------------------------------
    Isaac Shalev
    http://www.sage70.com
    Stamford CT
    @Sage70
    isaac@sage70.com
    ------------------------------