In a world where members expect self-service, optimised online journeys, interactive and personalised experiences, it’s clear why increased member engagement and recruitment and retention are the top priorities for membership organisations*.

In the current climate, it’s arguably more imperative than ever for membership organisations to overcome the technological challenges, inadequate systems integration and multiple databases of siloed data* to realise these goals, as the grip of the COVID pandemic affects the economy and the lives and livelihoods of the members they serve. However, given the current situation, it’s easy to forget the GDPR.

GDPR two years on

Let’s face it, the word GDPR (General Data Protection Regulation) isn’t one that garners excitement! But two years on, can we afford to be complacent about the GDPR? The simple answer is no! It is a legal necessity that the membership sector must fundamentally pay attention to, and comply with.

Balancing GDPR compliance with organisational priorities and member needs

Whilst members expect tailored and personalised experiences, it’s not enough to assume they’re happy for their data to be used for these purposes. The implementation of the GDPR increased penalties for non-compliance, placed greater emphasis on organisations to demonstrate accountability and enhanced the rights of individuals, including:

  • the right to object to automated decision making and profiling
  • rights in relation to how their data is processed
  • the right to have their data deleted or put beyond use

In a bid to tackle the technology, integration and data challenges, membership organisations must balance their obligations under the GDPR with the desire to automate processes and harness intelligence from data to meet the needs of members, retain and recruit members and achieve organisational growth.

GDPR during times of crisis – increased risks that membership organisations need to know

In these unprecedented times, COVID and other economic and legal factors have magnified the risk of non-compliance with the GDPR. Membership organisations must be aware of, and adequately respond to, the increased levels of risk, including:

  1. Remote working and scaling up technologies – the pivot to remote working resulted in the rapid scale-up of technologies and remote devices for many membership organisations. Cyber security attacks have increased since the COVID outbreak, so membership organisations must deploy appropriate security methods and implement policies and procedures to protect personal data and keep it secure
  2. The withdrawal of the EU/US Privacy Shield – many membership organisations use technologies owned by companies based in the US. The recent withdrawal of the EU/US Privacy Shield means that safeguards** must be put in place to make transfers to the US lawful
  3. UK transition from the EU – if the UK does not receive an adequacy decision from the European Commission at the end of the transition period, you will need to put safeguards** in place and nominate a Representative in the EU if your organisation has members and customers in the EU
  4. Rights of individuals – despite many organisations still operating remotely and away from the office, membership organisations must still comply with requests from individuals exercising their rights under the GDPR – e.g. requesting access to their data, both electronic and printed etc.

Maintaining GDPR compliance – what membership organisations must do

The GDPR is clear about compliance and demonstrating accountability. Membership organisations are advised to:

  • Assess current levels of compliance with the GDPR to identify gaps, including the new and emerging risks
  • Identify necessary steps and measures required to comply and set out an implementation plan
  • Identify any special provisions that need to be in place to respond to members exercising their rights under the GDPR
  • Implement governance documentation – including processes, policies and procedures – and document the steps taken to comply, how decisions have been made, and the justification for those decisions

*MemberWise Digital Excellence 2019 Survey Summary Report

**Including, but not limited to, Standard Contractual Clauses, consent, Binding Corporate Rules

LJ Digital & Data Consultancy help membership, association, non-profit and charitable organisations to assess their existing operations and capabilities and define robust digital, data and IT strategies that are aligned with business strategy as well as being fit-for-purpose for the future.

Lisa Goldsmith, Director, LJ Digital & Data Consultancy