T +44 (0)20 7601 7100 E solutions@blackbaud.co.uk W www.blackbaud.co.uk
WHY transparency matters
GDPR, Fundraising Regulator's Code of Fundraising Practice and building donor trust all require
transparency.
HOW to effectively communicate privacy practices
Be accurate in describing your practices, use language that is easy to understand and create
layered notices.
WHAT elements to include in your privacy notice (See Article 13 of GDPR for more detail)
Contact Details
Who you are and how to contact you and your DPO
What Data and What Purpose
What categories of data you collect (from the individual and third parties)
What you're doing with data and the legal basis under GDPR to justify the processing
Describe your legitimate interests, profiling you conduct and any further processing
Whether the individual is required to provide data and what happens if she doesn't
Data Subject Rights
What rights individuals have (like erasure, withdrawing consent and making a
complaint to the ICO) and how they can be exercised
Sharing and Transfers
With whom you're sharing data and details about transfers outside the European Economic Area
Hold and Protect
How long you're keeping data and (optional) how you're securing data
WHEN to provide information
Present privacy information when data is collected, which may require just in time notices for
greater clarity.
Disclaimer: The foregoing does not constitute legal advice and should not be construed as legal opinion or advice on any specific facts or
circumstances.
Transparency about privacy practices can play a crucial role in encouraging individuals to donate to
your organisation because it can help engender the public's trust in your charity and build lasting
donor relationships.
The upcoming GDPR will require that you provide privacy notices to individuals from whom you
collect personal data. We have summarized some tips to help your organisation communicate your
privacy practices to your constituents.
Communicating Privacy
Practices to Donors
