Sending out the right messages
Ahead of the introduction of new data legislation, Clair Grant-Salmon explains what GDPR means for IIED and the people the organisation deals with, and how it's an opportunity for better communication.
You may have received an email from us this week asking if you want to stay subscribed to one of IIED's themed, or general, email newsletters.
All of our subscribers received this email because at some point in the last five years they signed up to receive this communication from us and, due to new European Union (EU) data protection legislation, we are asking all our subscribers to take positive action to confirm they want to continue to hear from us.
You're probably receiving a number of these types of emails from organisations at the moment ahead of new EU legislation – the General Data Protection Regulation (GDPR) – coming into force on 25 May 2018.
Ensuring timely compliance is on every organisation's agenda now, but this legislation has got us thinking – why not check that everyone wants to continue to hear from us?
Why not seek to improve the levels of engagement with our subscribers? And why not ensure they trust us and know we are looking after their interests by making this a core principal to the way we manage data at IIED?
Gone are the days of building large mailing lists to quote extraordinarily high numbers of emails sent in vanity metrics. We are focusing on building relationships with people based on what they are interested in and how they want to engage with us. At IIED we are seeing the GDPR as an opportunity, not a threat.
Why is the GDPR being introduced?
The GDPR is EU legislation that intends to strengthen and unify data protection for all individuals within the EU.
The EU wants to give people more control over how their personal data is used, bearing in mind that people's data is a hot commodity in the corporate world today, and that there are increasingly new ways of exploiting it. The current legislation the UK relies on (the Data Protection Act 1998) was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that.
The GDPR will still apply when the UK formally leaves the EU as it will be enshrined in UK legislation. So, it provides a clear, shared legal basis on which organisations can operate as data protection law will be identical across the EU single market. A stronger approach to data protection should help the EU improve trust in the digital economy – also benefiting organisations.
IIED's data policy
We've learnt that we collect data in many ways from many different sources – employees, past and present; partners; donors; marketing contacts; contractors, event participants; and more. And to manage this data effectively has led us to invest in a new contact relationship management system that lies at the centre of our organisation.
Managing these relationships is everyone's responsibility and, alongside the legal framework, the technology and all the inevitable process maps we are developing, also lie some core principles that are helping us to develop a robust data policy. And this is all part of the process for complying to the GDPR.
This process of legal compliance is time-consuming and we've spent six months updating our processes and policies, and working with IIED staff and partners to build their understanding around implementing the GDPR. There are inevitable grey areas from transcribing a piece of legislation into plain and simple text, and it's here where much of the debate and discussion lies about how to process an individual's data.
In this time, we have realised that there are some values that are at the heart of IIED that must be reflected in our data policy:
- We don't like 'spam' and we want to tell our audiences only about things that are relevant to them. We want you to trust us to deliver something of quality and relevance to your inbox and we always endeavour to do this.
- We will tell you why we are collecting your data, how we will store it and what we plan to do with it. Transparency is another core principle to the way that IIED works. We are not trying to trick you to sign up to things that you don't want. If we are not using your data for anything specific, we will not keep it in our system.
- We will always give you the chance to opt out. Unless you have entered into a contractual relationship with us at any point, you can ask to opt out of our communications. And we won't be offended. We just hope that one day we produce something good enough that means you will come back to us again.
- The GDPR is specific to data subjects based in the EU and also addresses the export of personal data outside the EU. However, we see the benefits of accepting this data standard universally across all areas of our business in every global context in which we work. We are working with our donors and partners to encourage good data practices. We won't treat anyone differently depending on their location, as we recognise that everyone's data is precious to them.
If you have received one of these emails please let us know if you want to stay in touch with us. And if you want to receive any of our email newsletters, please leave your data on our sign-up form.