What is the GDPR?
On May 25, 2018, the General Data Protection Regulation (GDPR) officially takes effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.
GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website: https://ec.europa.eu/info/law/law-topic/data-protection_en.
Does this new regulation affect my nonprofit?
The GDPR applies to EU-based organizations, and also to any company or organization who has customers or contacts in the EU. If your organization works or interacts with supporters or other individuals located within the EU, you’ve probably already begun considering how to be in compliance with the new regulations.
Read on to learn more about how your organization can stay compliant with the GDPR using Flipcause. Please note: If your organization does not work with EU members, you do not take any additional action.
Data Processors and Data Controllers - what’s the difference?
Your organization is classified as a Data Controller, meaning that your organization determines the purposes and means of the processing of personal data that you collect from your supporters. If your organization works with individuals or has supporters in the EU, you can utilize the Flipcause features listed below to stay compliant with GDPR regulations.
Please note: Flipcause offers these tools and information as a resource, but we don’t offer legal advice. We recommend you contact your legal counsel to find out how the GDPR affects your organization specifically.
Security & privacy resources for Flipcause clients with supporters and contacts in the EU:
2 Factor Authentication & Subadmin Permissions
Enhance your access controls and account security by setting up 2-factor authentication for all of your Flipcause accounts and subadmins. We recommend setting up 2-Factor Authentication regardless of GDPR status! Learn how here.
Data Portability and Deletion of Data
Flipcause will remove personal data information from any and all records upon request. You can request access to or deletion of data on behalf of your supporters by emailing firstname.lastname@example.org.
Flipcause Forms: Mailing List Opt-In
If your organization processes data from supporters in the EU through Flipcause, we recommend setting the default option on your campaign forms’ mailing lists to “Opt-in” rather than “Opt-out”. To make this change, go to Campaign Settings > Mailing List Opt-In. and select "Opt-In".
Flipcause Forms: Custom Messages
Receipt Message Customization
You can add a custom message to your transaction and mailing list sign up email receipts that that indicates how you will use data collected from supporters.
Block Transactions from Countries of Your Choice
For security or compliance reasons, if you would like to block transactions from any country (including countries in the EU), you may do so in Security Settings.
For WebPack Clients with Supporters in the EU:
Our website host partner, Weebly, is fully compliant with the GDPR effective May 25, 2018. Read more about their new policies here, and read below for details on what they are doing to ensure compliance:
New Cookie Banner
If you have installed App Center apps it may be impacted by this change. Cookie functionality will be restored on the next page load after the user’s cookie consent is obtained.
New Cookie Opt-Out Element
Allows a user to create a cookie opt out on a page. The element includes a button and a paragraph with disclaimer text above a button labeled “Opt Out of Cookies”. On published sites, if a user has accepted cookies via our new cookie banner, they can use the new Opt-Out Element to opt-out any time. Once they have opted out, the message in the element button will change, and the new cookie banner will once again be placed over the page, prompting them to accept.
Updates to Weebly’s Form and Newsletter Elements
Because many site owners choose to collect Site User information with Weebly Forms, they are adding an opt-in feature to these forms. Site owners will now have the ability to enable an opt-in checkbox with compliance language, and to make this opt-in required for submission.
Review Third-Party Services
Additionally, we suggest that they evaluate any third-party apps and vendors for compliance. If they are using any third-party services to gather or process customer data, they will need to check with those companies to verify they are GDPR compliant and will assist them with, among other things, users’ data removal and portability requests.
Please note that the information provided above is for general informational purposes only and does not constitute legal advice; it has not been prepared with your specific circumstances in mind and therefore may not be suitable for use in your business. By relying on the information contained in this message, you assume all risk and liability that may result.