Sunday, May 14, 2017

GDPR Doesn't Mean You Need a New Database


Last week, Civil Society reported that "almost 40% of charities are considering reviewing their current CRM system with the launch of the FPS [and] GDPR." My message to such charities is: hang on, wait a minute, do you really need a new CRM system or fundraising database? Buying and implementing a new system is complicated, expensive and takes up plenty of your resources. So before you do that, there are a number of things you should do first:
  • Talk to your current database supplier. This has to be your first course of action. What do they recommend? What are their plans? If you have a "fundraising system/package" such as Raiser's Edge, thankQ, DonorFy etc then such suppliers will still want to be selling their software to other charities now and post-GDPR, so they will need to ensure their systems are compliant or they won't sell anymore.
  • If you have a CRM platform (Salesforce, Microsoft Dynamics 365 etc) then you almost certainly will be able to manage FPS and GDPR on them but of course it could be simple or more complex depending on your current design, if you have access to any IP (Intellectual Property) issues etc. So, again, talk to whichever supplier/business partner implemented your system. And if you don't have any such relationship and your in-house staff don't know how to change your platform then call on a Salesforce/Dynamics specialist developer - there are lots out there.
  • Talk to other users of the same system that you are using. If the above doesn't get you any joy then talk to other charities who are using the same system as you are. If you've got issues then other organisations will almost certainly be/have been in the same boat as you. Maybe they have already found a solution and can give you some tips; or if not, then maybe you can all get together and put some pressure on the developer to get something done.
  • Talk to other charities who are ready for FPS/GDPR and ask how they've done it. Even if they have created a solution in a different system/platform to the one you use, it is quite possible you can learn the concepts of what they have done and see if you can replicate that in your database. You could even look at third-party specialist solutions such as Wood for Trees' Consentric Permissions or Syrensis' The Preference Centre.
  • And do talk to a qualified professional about what you really need for FPS and GDPR (i.e. a lawyer, compliance expert, a consultant specialising in this area etc). I have read and seen too much conflicting advice over the previous months and 'data protection' is unfortunately one of those things where many people think they know what is needed but many people don't really... And it is one area which you can't afford to get wrong.

Finally, if it turns out that you must change your current CRM system/fundraising database then don't rush it. Do it properly, get a formal procurement process in place, implement any new system with a correct timetable and budget; and if necessary keep your FPS/GDPR data in a separate system in a consistent format which you can import into your new system at a later date.