We are working with our clients on an individual basis to discuss the requirements for GDPR and how it affects individuals' data held in alms.NET. Our clients are at different stages of GDPR adoption in terms of their understanding and preparation, so we are reviewing each one to see how far they have progressed and what their challenges are so that we can guide them.
We have developed a communication plan to include regular updates via email, our help site, blogs and gatherings for our clients to keep them up to date. We are also in communication with the ICO and the IOF to develop our understanding of the GDPR requirements which we will relay back to our clients.
The GDPR relates to personal and sensitive data collected and used by organisations. Each organisation is responsible for making sure that the data protection principles for processing are met - lawful, transparent, legitimate purpose collection, accurate, identifiable to the data subject and secure whilst also keeping in mind the individuals’ rights. The current version of alms.NET - Horizon already has functionality to support the key requirements of the GDPR and we are developing alms.NET further to incorporate any remaining requirements.
Managing consent is one of the biggest challenges our clients and other charities are facing with respect to the GDPR. It doesn’t just mean obtaining consent to send their individuals direct marketing communications; it is also about obtaining consent to hold personal data. alms.NET Sourcing and Auditing functions provide organisations with the means to do this - any contact data change in the system is stamped with a date, user and descriptive - manual or automated depending on the process from which the data was added. Our clients can view the audit trail to see what data was changed/added and when.
Several of our clients obtain sensitive data such as medical or household information as well as holding data about children and other vulnerable groups. Consent to hold sensitive data, to be profiled, or for any other requirement can be held in alms.NET against the contact. Sensitive data can be secured so that only relevant personnel in the organisation have access - this can be done at a data record or individual contact level.
With regard to consent for direct marketing communications, alms.NET provides consent against a channel (email, telephone or postal), a purpose (e.g. direct marketing, campaigning, events) and the associated email address, telephone number or postal address. Where the individual has exercised their right to object, this can also be recorded here alongside the source.
When it comes to communicating with individuals, it may be direct marketing. This can be managed by consent or under ‘legitimate interest’. Either way, the alms.NET Communication process will allow you to include/exclude individuals depending on the type of communication.
Individuals will have the right to access their data and this can be done by using the alms.NET Contact report and/or allowing a supporter portal sign on where they are able to view their information.
The main area of development is to introduce an improved function which will comply with the individual’s ‘right to erasure’.
If you would like further information, please contact us at firstname.lastname@example.org