We recently undertook a survey of prospect research teams in the UK to find out how they are coping with GDPR preparations. We’d like to thank each of the 95 respondents – your answers have given us a real sense of the current situation for the prospect research community as we all work towards May 2018.
We thought it might be useful to share some of the responses as we know that many prospect researchers are struggling with GDPR and it may help to know that you are not alone! That said, it’s not all doom and gloom out there, as the answers to the survey reflect, and there are many positives that we can take from the results.
First, the not-so-good news
Perhaps unsurprisingly, the overwhelming feeling from most of our respondents (77%) is that there is still a lack of clarity around GDPR – specifically around how prospect research can operate in a compliant fashion within the principles of GDPR.
There are also concerns with the practical aspects of GDPR preparation; over 34% of respondents would like more information on undertaking a privacy impact assessment and 38% of respondents are struggling with understanding how to integrate GDPR practices with their CRM system.
Frustratingly, almost 35% of prospect researchers reported that they have not been involved in the GDPR discussions at all in their organisations so they feel they have been unable to provide valuable input to the process.
Some of the other concerns highlighted by our survey are:
- Misinformation or conflicting advice on GDPR issues is very confusing and unhelpful when it comes to planning
- The lack of evidence that supports the need for prospect research which can be used to argue the case for continued prospect research with senior leadership
- The difficulty of understanding and analysing donors’ reasonable expectations
- The lack of support from leadership within organisations in preparing for GDPR, and the lack of communication between teams on this issue
- The potential impact of GDPR on smaller organisations is worrying as they may not be able to fully prepare in time for May 2018 due to a lack of resources
- PECR seems to be a particular concern for many, especially when it comes to consent for channels of communication and how this integrates with GDPR requirements
- The overwhelming workload and resources required to prepare for GDPR
All that said, it wasn’t all bad news…
Readiness for GDPR
Whilst only 2% of respondents stated that they are ‘completely ready’ for GDPR, the vast majority of respondents, 91%, stated that, for prospect research at least, their organisations are ‘not quite ready, but getting there’. Only 4% of respondents felt that they are ‘not at all’ ready.
Consent or Legitimate Interest?
Most interesting to note from the results was that 54% of respondents stated that their organisation will be relying on legitimate interests as their basis to process data for prospect research purposes.
Only 3% noted that they will be relying on consent as their basis for processing whilst almost 35% of respondents stated their organisations were not yet to make a decision on this.
Only 16% of respondents felt that writing privacy notices / policies was an area of concern for their organisations – this is perhaps due in part to the specific guidance that does exist in this area.
Hearteningly, over 63% of organisations have updated their privacy notice to be GDPR compliant. Just over 26% have not yet done this, and 10% of respondents were not sure on the state of their organisation’s privacy notice.
Of the 63% which have updated their notice, over half (58%) have now uploaded this to their website. Only 14% have taken the step to post or email this updated notice to their supporters but this number will inevitably grow at a pace as we work towards May 2018.
Impact on prospect research activity
We also wanted to find out whether researchers have been able to continue providing prospect research services in recent months as the answer to this may help us to understand the likely long-term impact of the ICO fines and GDPR preparation.
The results below show the 5 main areas of prospect research activity and the % of respondents who stated they have either a) stopped doing this activity altogether, b) paused this activity whilst they prepare for GDPR, c) have continued to do this activity or, d) were unable to answer or didn’t do this activity in the first place.
|Type of research
||D/K or N/A
|Database (Wealth) Screening
|New prospects identification
|Due diligence research
We have followed up specifically with those individuals who stated they have ‘stopped’ or ‘paused’ Database Screening to obtain more details on these decisions, and we will be able to provide more insight into this at our session with Prospecting for Gold at the RiF Conference on November 6th. For those unable to be at the conference we will follow up with a blog about this shortly afterwards.
For now, it is heartening to see that, aside from Screening, the majority of prospect research activities have continued, although some have fared better than others.
Due diligence in particular seems to have continued, with only 1% of respondents stopping this activity and 3% pausing it. Individual research (i.e. profiling), which was previously undertaken by over 92% of respondents, has stopped or paused in a quarter of organisations as GDPR preparation is undertaken.
Network research was highlighted in the open questions as a particular area of concern, with many unclear how to balance GDPR requirements with the need to identify relevant contacts of key supporters, although of the 50% of respondents who previously undertook this type of research, 86% are continuing to do so, so it is unclear how much this has been affected in reality.
It will be interesting to review the long-term consequences of organisations stopping or pausing these activities as we look in particular at major donor income in 2018 and beyond. Many respondents in the open questions highlighted their concerns that their particular organisations and institutions are losing opportunities to identify and engage potential supporters for fundraising during the process of preparing for GDPR.
Whilst this is a worrying time, there was a view from many respondents that GDPR will ultimately have a positive impact on prospect research…in the end.
This is because despite being, as one respondent put it, “painful”, four of the main benefits highlighted were:
- GDPR will help to promote prospect research within organisations and institutions (as one respondent put it, “We are no longer a dark art!”)
- It will make prospect research more efficient and effective
- The process will educate supporters, donors and the public in how non-profits operate/fundraise, which is a good and positive thing
- The situation so far has shown researchers to be resilient – working hard and standing up for themselves and the sector
So, the future seems bright but, in the present, if you are one of the many researchers who would like more clarity on specific issues, we know that the IoF are working to produce some specific GDPR guidance for prospect research. We don’t yet know when this will be available, but it will hopefully provide some much needed insight into how we can better prepare for GDPR.
Whilst you wait for that, you may want to download our paper on legitimate interests and prospect research, as it signposts to other useful pieces of guidance and gives a basic overview of the GDPR situation.
If you’d like more details on the survey or would like to chat about prospect research and/or GDPR, please do get in touch with me.