Insights
INSIGHTS
All Topics
The right way to ask for GDPR consent
24 Nov 2020by Chloe Green
Since its introduction in 2018, GDPR (General Data Protection Regulation) has changed the way that charities think about online user consent and data privacy
As well as stringent rules around reporting and managing data, charity marketers and fundraisers have had to get to grips with specific ways of communicating with supporters when asking for their details.
When collecting data, it’s essential to have correctly worded consent on donation forms, sign up pages and online documents. This allows people to keep in touch with your charity on their own terms.
Marketers could get away with communicating with people when consent was implied or inferred. But under GDPR, consent has to be expressly given for an organisation to continue communicating with them. The Information Commissioner’s Office (ICO) defines it as:
“a positive opt-in... offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.”
A 2020 GDPR progess report from the EU Commission found that 69% of the EU population above the age of 16 have now heard of GDPR. This shows a growing awareness among the public about their data rights. And with COVID-19 driving charities to embrace more digital platforms, it’s never been more important to know the rules.
So whether your charity is undertaking digital marketing for the first time or you need a quick GDPR refresher, here is a brief overview of how to ask for consent.
Article 4 of GDPR defines consent as "any freely given, specific, informed and unambiguous.... clear affirmative action" by which a person gives permission for their personal data to be processed in a particular way.
Breaking that down, here’s what that means in brief.
Consent must be freely given
Supporters can’t be seen to be pressured into giving their consent. There can’t be any emphasis on either ’accept’ or ’do not accept.’ There can’t be a pre-ticked box as default or one option in bigger
text or highlighted - it needs to be an obvious choice with no right answer.
Consent also needs to be as easy to withdraw. It must be clear to supporters on sign-up pages that they can unsubscribe at any time. There should also be information on how to do this, and the unsubscribe button should easy to find.
Related Articles
Be specific when asking for consent
What’s crucial is that supporters know exactly what they’re opting into. Users can only consent to one type of data processing with each opt-in.
Here’s an example of what that means:
Opting in to receive updates about a specific fundraising campaign doesn’t give you permission to also send text alerts. It also doesn’t sign users up to hear about a completely different service. Giving them the option to sign up to more than one thing or means of communication is fine. As long as each thing has its own tick box and is clearly communicated.
For example, when signing up to receive emails, you might give them a tick-box list that says ’Yes please, keep me up-to-date via email:
- With the latest news from [organisation]
- With volunteering opportunities in my area
- With alerts about animals up for adoption
- With new products in our online charity shop’
- Your consent phrase must inform users of what’s collected and why
Users need to know exactly what they’re consenting to, including the reason for processing. For example: ’Your information will be used to send you this whitepaper and to sign up to our weekly newsletter.’ Or an invitation to learn more and read full terms and conditions.
When providing a tick box for an email newsletter, unbundle what they’re signing up to by explaining exactly what content you will be sending them:
’We will inform you about the following information:
- Our latest vital work tackling [issue], events, donation campaigns and opportunities to support us.
- Tips and advice on getting involved with [issue] in your local community
- Volunteering opportunities in your area,
- Occasional relevant news from our sister charity.’
Where you might be sending personalised content tailored to the individual, they need to explicitly consent to this.
You must also give the name of your organisation and any subsidiaries or third parties you’re requesting consent on behalf of. This ensures supporters are fully informed about who they are giving consent to.
Use unambiguous consent statements
Your consent needs to be communicated in language that is clear, straightforward easy to understand. Confusing double negatives or vague phrasing won’t cut it. Keep things concise and on point, as this isn’t the place to try to be clever with copy.
Clear affirmative consent action
Supporters must expressly consent by doing or saying something. For example clicking a box or button that says “I understand and accept.”
The box also can’t be pre-ticked and must be kept blank, as the person needs to actively tick the box themselves to opt in. Otherwise, as per the ’freely given’ rule, you are swaying their decision.
As an affirmative action, it’s a good idea to include a second opt-in layer that requires users to confirm they want to subscribe via a validation email.
Let us know what GDPR consent phrases you are using in the comments below.
Chloe Green
Chloe Green
More on this topic
Recommended Products
Our Events
Digital Fundraising Summit 2024
For the sixth year in a row, we're bringing back an action-packed event filled with Digital Fundraising insights from the charity and tech sectors. Join us on 7th October 2024 for a free, one-day online event featuring informative webinars and interactive workshops.
© 2022 Charity Digital Trust. All rights reserved
We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.
