Tag Archives: Data Analytics & Insight

Get ready, get set, GDPR

Getting ready for GDPR

Ready, set, GRPR

I recently wrote a piece for the Just Giving blog called 4 lessons for charities as we prepare for GDPR  in which I presented four lessons we can learn from the recent (March 2017) fines imposed on two businesses for data breaches as they made their own preparations for GDPR.

My four lessons were based on Honda and Flybe, who were caught out trying to prepare themselves for GDPR (the irony!), but who ignored the rules of PECR (Privacy and Electronic Communication Regulations) in the process.  Essentially, they emailed to ask if they could stay in touch or if the details were correct.

My four lessons were:

Lesson 1: if you don’t have permission for a channel, you can’t ask for permission via that channel (so if you don’t have permission to email, you can’t email to ask for permission to email; if you don’t have permission to call, don’t call). 

 Lesson 2:  don’t ask for ask for permission from people who have actively opted out of receiving communication via the channel you are using.  While writing to people to ask if you can email them might sound a bit bonkers, if that is the communication approach you have consent for, that is how you must do it.

Lesson 3: be clear about what you have permission to do and what is covered by your permission. As you craft new permission statements, consider what you may want permission to do in the future, as well as what you may want to do now. 

Lesson 4:  Don’t be caught out in a GDPR compliance bubble and forget about other rules and regulations that apply – or about people. Making people-based decisions rather than data-based decisions shows due respect to our supporters and will give them confidence in our integrity as an organisation.

In a short blog for Just Giving you can’t go into the detail that you’d like though, and never short of something to say … I carry on below.

Getting GDPR ready using these lessons.

I think we can look at the case of Honda and Flybe and see how easily this could have been a charity making these errors.  Heck, we can probably even see the thought process in our own organisations looking to make these decisions.

However, we also need to consider that these rules are not just about how we fundraise, they are organisation wide.  They are about how we communicate with our donors, staff, volunteers – everyone who is connected to our organisation.

I think the rules come down to a bigger series of considerations and discussions that you need to have within your organisation about permissions and ‘permissioning’ – which is not an *actual* word but soon will become a big part of the charity management lexicon.

Where & when you ask

If you don’t have permission to email a donor, how can you get permission to email a donor?

There are many legitimate ways you can try and obtain email permission – for example via social media campaigns, sign up links on your website and even via direct mail.  If you have telephone permissions and active calling programme, you could even ask via this means too.  You just can’t ask for permission for that channel (email) via the channel you want to use (email).

If obtaining permission is s a priority for your organisation, ensure that sign-up forms are embedded on every page of your website, on every blog and that you have a regular ‘drive’ to legitimately obtain additional data.

How you ask

Why would your donor give you any details?

How you ask for something that the donor values – their personal data – is critical.  A wrong move could put them off as much as make them want to sign up. On a practical note, there are a range of methods to asking (but take note, massive popups on website screens are off-putting and will earn you penalties in Google and annoy readers by blocking content). [links to Google Webmaster blog]

On a human level, the tone of the ask also needs to be sensitive the channel you are using.  But more importantly, sensitive to your audience. You know all this of course, from your crafting of fundraising messages.  Permission asks aren’t that much different, except the beneficiary is the organisation.

There’s a balance between the timid ‘would you like to sign up’ and the demanding ‘sign up instantly’ that will be right for your charity’s tone of voice.  It is worth split testing some approaches out and changing the messaging to keep things fresh.

The issue of transparency also comes into play for how you ask for permissions – if this were your data, would you be happy that a company is relying on a clause hidden away in a set of terms and conditions to cover what you want to do with your data?

Which leads us onto what we are asking for permission to do.

What are you asking permission for?

This is the nub of the issue as far as our GDPR and PECR regulations are concerned – what are we asking permission for?

‘Sign up for our newsletter’ is a very broad statement. It may as well just read ‘give us your email, we’ll figure out what to do with it later’.

One of the ICO ‘tests’ is to ask the question – what would a person reasonably expect you to do with the data from what you have asked.  Is it clear?  It’s time to get granular – another central theme of the GDPR preparation process.

If you have a great email newsletter list –and that’s what you asked people to sign up to, that is all you can do with their data. You can’t send them a customer service announcement about your charity (here’s looking at you, Honda).

Of course, much can be contained within a newsletter (like your annual review and details of your latest campaign), but you also need to avoid your newsletters becoming cluttered, unfocused and impersonal (back to batch and blast) – and therefore irrelevant and easy to want to unsubscribe from.

One approach could be to consider all the kinds of activities your charity offers and ask for permission for each of them.  A helpful way to start with this can be to look at your departments. Typically, they’ll relate to what your organisation delivers.  Eg HR, fundraising, communications, governance, policy /campaigning.

  • what do they do (or want to do) that you may need permission for?

Another option to consider is what you also want to do with the data that you have.  Several charities recently fell afoul of ICO for using donor data for wealth screening.  

What we have learned from this is like our Honda/ FlyBe lessons.  It is not what they were doing per se that was the issue, it was their permission to do it – would a donor who gave them details have ‘reasonably expected’ to be profiled and screened like this based on what they were told when they signed up?

  • Ask once for now and the future – consider your 5-year plan and what current technology can offer in terms of insight as you craft new plans – even if you are not using technologies to help profile your web visitors now, or wanting to screen donors, or using predictive tools to help prospect for new donors, you may want to do that in 2 years’ time.  And when you want to do it, you will need to have permission to do it.  Machine learning is the way forward – plan for it now even if the reality of it still isn’t clear to you.
  • Third parties – this also brings to bear the point that is raised in GDPR guidelines about how you use data with third parties too, and your need to declare how they will use the data too.  Explore that alongside your permission work here and be as clear as you can.  Third parties are everyone from your mailing house to potential agencies you may send data samples too for segmentation, research, data cleaning and so on.

Where are you storing and recording these permissions?

Should the ICO come a-knocking in the future, after you’ve made them a cup of tea and talked about the weather, the questions will come.  One of the questions they may ask is where you can prove that you had permission to send x y or z person a b or c email/direct mail/text.

The paper trail [ surely a redundant term in our digital age] in an ideal world, would lead to your CRM or database, where you can look this up with ease, and respond confidently.

In your current situation:

  • could you look up where you asked for permission to contact someone and identify the permission that a person gave?
  • could you look up the form they used to sign up and double check the language?

How you are storing your data is one of the fundamental questions that GDPR brings us back to.

It covers the requirement for data to be held securely – which is a separate area of conversation about access to devices, security protocols et al  (and usually ends with a conversation where someone reminisces about leaving a laptop of client data on a train).

For this article, consider these areas.

  • how are you managing your data?
  • do you run on Excel and end up with multiple departmental spreadsheets because that’s the only data you ‘trust’?

Heck, I am sure some people still use a card index or have a special address book.

That’s all data and that’s all covered by this.

How are you going to manage permissions?

A few preference centres are popping up on the market claiming to be the answer to all your GDPR woes.

While they may be part of a solution that works for you, I strongly urge you to think more widely than this before buying a panacea that you may not need.

There are key questions to ask and answer first about how your organisation is going to work together before you get to the technical bits.   Fundamentally, GDPR means it is finally, genuinely, time to say bye bye data silos and say hello to collaborative working with consistent data and access across the organisation.

No preference centre or legacy system is going to make that work for you.  That’s about organisational culture.  So, we need to do the people and process thinking ahead of the technology.

Some questions to help you explore this area and decide how to manage it in your organisation include:

  • Could any user log on and know that they cannot email a donor or beneficiary or that they cannot write to a resident?
  • Where and how will you record when a client, donor or beneficiary decides they don’t want to receive further communications?
  • What if they change their mind about a channel they already gave permission for?
  • If someone unsubscribed from direct mail today, how long would it take for their permission to catch up with data selections you have already made for future campaigns?

There are several creative ways to stick a temporary sticky plaster on any systems you are currently using this while you consider the bigger picture.

Don’t rush straight into more permanent fixes to your systems integrations that will give you the sought-after 360-degree view or more integrated and comprehensive data source – think them through with and beyond GDPR.

Evidence of Permission

If you can’t find evidence that you’ve asked for permission to do something, the safest approach may be to consider that you don’t have permission at all.

This may mean you cannot contact that person.

This is something of a bitter pill for many looking at their database.  It is going to reduce the number of active contacts and the number of people who may support you as a result.

The long and the short of it is that compliance with GDPR is the start of a new road and approach to how we look at our data – and our strategy for managing acquisition will need to adapt accordingly.

A human appeal: people = data

Alongside all this work we must do about data, I’d like to add the human appeal. When we talk about data, we’re talking about people.  We talk about donor journeys and build experiences around them based on things they’ve told us they want to do, what we want them to do (and ideally the two mirror each other).  These journeys are individual’s personal interactions with us.

Some of the GDPR rules you are now considering may worry you because they could (or will) have an impact on the valuable work that you do (for example, if you have a major donor and no contact permission to call, how are you going to move forward?).

Remember too that other charities and businesses up and down the country are having to do the same.  The charity you donate to, the online shop you buy those superb shoes from. They are looking at your data. How do you want them to treat you?

This ‘conscience and integrity’ test is one I find helpful all the time as a reminder that behind that spreadsheet (which is password protected and kept on a secure system, obviously) are real people and real lives, not just unique identifiers and permission sets.

It is easy to forget this.

Authors note:  this article is not intended as legal advice.  Note that this covers the legal basis for consent-based marketing and fundraising. Other legal basis for data processing may apply in your organisation.

Where to get Guidance and Information.      

Need help? 

If you need a data audit, an internal seminar to get your team up to speed with the basics of GDPR and ready to move forward, or need help to adapt your systems to meet your new preference management approach, Purple Vision can help.

Whatever your question, we’re happy to help.   You can

Think customer, not data

Quite rightly, when we think about data, the first thing we think about is data protection.  Security. The laws and regulations which govern how we store and secure customer details, compliance with laws, directives and regulation – or the codes of best practice – that we use in storing and securing customer details.

Add a few strong passwords, find an organisational data protection officer, add a dose of corporate responsibility and the right personal approach and you’re safe.  Phew!

But as other more erudite articles on this theme show, it’s not *quite* as easy as all that.

We’d like to add another dimension to the debate.

Data = customer

Data is the word mentioned first in the phrase data protection.

We think it’s because it’s the most important part. But where does it come from?

Data comes from our customers.

Data is about customers.

How we treat data, and our responsibility to it, is a reflection of how we treat our customers.

Data – and data protection – is as much about user experience and customer care as it is technical systems and compliance.

You may call the people in your organisation different things – customers, partners, prospects, stakeholders …. The words don’t matter. The sentiment does.

Surely this is all just semantics? 

It’s much easier to be animated, interested and excited about people than it is about data.   It’s easier to think about data protection if you are applying people to the process – this is about our customer, what’s the right thing to do for them?

And as for doing the right thing by them – here’s our 5 point roadmap to help you keep on top of your data

Silo the data silos

At the risk of sounding patronising, it’s really hard to look after data when it’s all over the place.  Data silos are common in organisations – donations and enquiries in one place, website and social media date elsewhere, perhaps even data about members and their registration data kept somewhere else.  Never mind our personal preferences for spreadsheets a plenty.

Part of your organisations roadmap should include integration of data.  This may not happen overnight but it should be a priority for many reasons.

The very first of these is that you cannot properly manage and use your organisations data – or support your customers – if information about them is in multiple places.   The second of these is that you’re not using a full 360 view of your stakeholders to make decisions if your data is not integrated.  You may be missing key changes or trends.

If it’s not on your list, chances are it won’t happen

Data needs to be looked after.  There are tasks to be done to keep it clean and in tip top condition, useable, current and informative. Let’s be very realistic, unless you’re some kind of Super-Manager, it’s very hard to keep on top of absolutely everything, and inevitably some of the tasks which are not seen as urgent or vital to move forwards, will move down the priority list.

I’d urge you to make weekly, monthly, quarterly and annual tasks relating to your data a priority.  A very simple reason is that the time it takes to do the task will become greater the longer you leave it.

If someone has been making a basic data entry error for 6 months, that’s a lot more knitting to unpick than a month’s work.

Pragmatically, for many of us while we know data is important, data tasks could be some of the little jobs that make our heart sink (all jobs have them) and don’t fill us with excitement.  All the more reason to deal with it when it’s small!  Make sure your data tasks are on your priority list.

Be on hand to help, monitor and manage

There are those of us that get excited about databases and systems.  Then there are the rest of the organisation who kind of know there’s a system, might have to interact with it but are not quite sure of what it is or why.

Sharing insight across the organisation helps everyone understand the relevance and importance of what’s in the system and how it can help you with your shared vision.

It also highlights you to the organisation as the person who carries the mantle for it and people can approach you for guidance more easily.

A champion is also useful for new starters  helping them get started and look after data in the right way, right from the beginning.

Stay enthused

The landscape we work in changes all the time – new tech, new programmes, new opportunities.  Not all of these will be relevant to you, but it’s important to keep an eye on the trends, innovations and updates that take place.

Find a blog you trust (this one is a great start!), and just scan it every week or so.

Keep in touch with your implementation partner or vendor – some may offer ongoing training or updates for clients.

Find ways to keep up with the new, fresh and exciting so you maintain your enthusiasm data, your systems and approaches and it isn’t something else ‘to do’ but is something else to grow and develop.

Health checks

Just as you will occasionally seek medical advice if there’s something wrong, you can do the same with your CRM.  If you have an issue, call the partner who helped you install it – you may have sensibly bought some after sales support from them, or they may be able to offer this to you on an ad hoc basis.  Healthcare is about prevention as well as cure.

An investment in the health of your system will help keep it working smoothly – and if you don’t have the time or expertise to manage it in house, you will need to recognise and allocate an ongoing sum to seek the help you need.

You’ve invested a lot of time and money in the system; don’t forget to protect your asset.

Find out more

Purple Vision offers health-checks for Raiser’s Edge and Salesforce as well as support with data, analytics and CRM.  Contact us to find out more.




Why you should know what the GDPR is – and what you can do NOW!

Be a fundraising GDPR superstar!

Dawn VarleyGuest blog by Purple Vision Associate Consultant, Dawn Varley – a self-professed ‘data geek’ and all round fundraising super-star – with a special interest in making data approachable and manageable.




On 14 April, European Parliament finally voted to accept the new rules and regulations that will shape data protection within the EU from 2018 onwards. We now have confirmation of what the much-talked about ‘changes to EU DP law’ – the General Data Protection Regulation (GDPR) look like, and can work to ensure they are adequately planned for.

The core components of consent, compliance and security shouldn’t come as any surprise – as these form the bedrock of the current EU, and corresponding UK, legislation.

That said, there are some key changes to be aware of, and whilst 2018 seems like an age away now is the time to get moving.   We all want to ensure not just compliance with the law, but to adopt best practice over and above it as a means of delivering excellent fundraising, and corresponding customer service to your supporters.

The time-frame also offers a great opportunity to incorporate a review of,  and plan of action for, the wider regulatory changes that have already or are due to come into effect in the next year.

But for now, let’s look at the core elements of the GDPR.


Consent remains very much a hot topic within the wider fundraising furore that has plagued the sector for the last year or so. But at its heart it could be argued to be very straight forward.  Existing Data Protection Act (DPA) and Privacy and Electronic Communications Regulations (PECR) laws focus on this, and the GDPR serves to reiterate the 4 conditions that need to be present in order for consent from supporters to be valid:

  1. Freely given – the person must give their consent without force, ie they have a choice, and do not have to give unnecessary details to undertake the transaction
  2. Informed – it must be clear to the person exactly what is being asked, why, and how they opt-in or out. Plain English is key.
  3. Specific – related to condition 2, the consent given will be specific to the processing stated at time of consent, and cannot unreasonably be changed later without further consent
  4. Positive action to indicate consent – the person must be required to do something to confirm they consent, ie by submitting a form or ticking a box. The absence of action cannot be used here.

A ‘right to be forgotten’ and a ‘right to object’ is also available for the supporter to invoke, and business processes must be able to recognise these rights, and cater for the subsequent removal of consent. Existing consent obtained from supporters will still be valid as long as the 4 conditions above are deemed to be met, so there is no starting point of a need to reconfirm with people to get consent.


Thinking again of the traumatic year that charities have had, compliance has been highlighted as a key area where lack of attention has caused major problems.  It is not enough to state that you comply with the DPA in the data protection statements you use – you must understand what it is, what is requires you to do – and then do it. Likewise the Institute of Fundraising Code of Fundraising Practice – it is not enough to simply be a member and the ethos of the Code must be present in all you do.

The GDPR brings in changes to compliance at two key levels:

  • Firstly, by rolling out the need to comply with regulations at data processor as well as data controller level, which means a charity using the services of a supplier must ensure they comply with regulations in the same way the charity does. One way to do this is to ensure this is contractually stated, and then checked on, by the charity.
  • Secondly, stricter financial penalties will apply, with much steeper fines available to punish failure to abide by the GDPR. Up to 4% of annual turnover could be at risk at the top end of the scale.


‘Privacy by design’ should be embedded in all business processes which collect and manage data, and also in the systems that store and process it. Security cannot be an afterthought retrospectively applied to a process or system, and so a culture change as to how data management is approached may be required.  The transfer of data outside the EU, and ensuring that supporters are adequately aware of where  their data will be managed, and why, receives more emphasis, and so attention to what suppliers are doing, how and where, is again highlighted.

What should non-profits do now?

Although the GDPR won’t come into effect until 2018, the two years from now until then should be looked at as a great opportunity for audit, review and process change.

As such, organisations need to look at a project team of the right people to review this across the organisation – data protection officer, fundraising, IT, data teams, communications and marketing, operational teams who use data, perhaps even HR and finance.

Most organisations will be best placed to start with an audit across all their data (where, who, how, when, why?) and build a plan of action to consider these new elements and how they’ll respond.

We consider the key areas of this may be:

  • Logistics of consent – from ask to coding and storage, to how it is accessed for selections and suppressions. CRM is going to be critical to this and recording response sign up, storage and in making selections, too.
  • Compliance with compliance – where are the gaps in your team considering what you know now? There will be more to come but do you need to look at a data champions programme, formal training, internal comms programmes or another route to ensure you all know what you need to know and can comply
  • Security review – what existing processes are in place, what needs to be in place and when, and how will you enact that plan?

Also key to success with this transition is understanding that the project will end, but the principle doesn’t – embed respect for consent, and understanding for it, in your organisation. Training, refreshers, documentation and champions can all ensure you stay ahead of the game, and do build in a bi-yearly review to check on any issues/concerns.

Don’t lose sight of why

The principle of why this is being done and new regulation is required is important – it’s easy to get bogged down in the day to day and lose sight of why.  This is about data protection and fundraising being trusted by individuals, supporters, clients, staff and constituents.  It’s in all our best interests to comply, not least because fines are more punitive than in previous regulatory cycles.   In the bigger picture, this is a recognition for all of us as consumers that the world we live in now is fast moving and ever changing – we shop across borders, travel across borders, donate across borders – and having multiple data rules in different jurisdictions which are hard to enforce is not in our best interests.

Keep it simple, superstars! 

Employ the KISS principle and do keep it simple in terms of the matter at hand, and your response. The main issue for fundraising is consent, and this is about treating people, and their data, fairly and securely, and as a two way relationship. Put yourself in your supporter’s shoes –  how would you want your data to be treated?

The GDPR gives a great starting point. If you look to review how you stack up to that now, work towards it, and come 2018 you’ll be in a great place. Build in the requirements of the existing and emerging fundraising regulations, and you’ll stay well ahead of the game. And if you’re wondering if all this will be relevant if Brexit becomes a reality, then yes, it will, as the UK will want to match EU requirements to stay in the trade game, so don’t use the forthcoming referendum as an excuse to do nothing.

How Purple Vision can help

Purple Vision can help with every aspect of a project like this – from leading the project for you, to offering specific advice and consultancy services on data, systems and other factors.  Drop us a line via email ([email protected]) or via 0845 458 0250 and ask us more.

The Grand GDPR Resource Library

The following links cover the wider legal and regulatory framework at play, as well as the GDPR developments:


EU/US Safe Harbor ruling and what it means for you

EU/US Safe Harbor ruling

First things first.  For those concerned with proper use of the English language, I must apologise.  The ruling we refer to is widely  (and legally) known as the Safe Harbor.  I’m itching to add the missing ‘u’, especially since it affects ‘you’ and nobody loves a bad joke like that more than the team at Purple Vision.

Itchy red pen issue dealt with, what we have to say next also does not relate to the image that the phrase safe harbor creates in our minds – calm seas, perhaps the wind gently whistling through the rigging of sailing boats … Safe harbor relates rather less prosaically to the issue of transferring data between the EU and US.

Why would you want to transfer data between the US and EU?

There are hundreds of reasons you might want to transfer data between the EU and US.  I might want to send an bank transfer to my best friend in California for Christmas.  If I worked for a multi-national company, I might transfer an active customer service case to be handled or processed between countries as the world passes through its rhythm of night and day.

In most cases, unless we get very geeky about small print, we might not even know that data is being transferred between the two locations.

The example that is being used widely in the media is about Facebook, because this is what has sparked the ruling. Handily it’s something most of us relate to as an example, too.

Facebook is an US owned site.  We’re using it in the UK (or across the EU).  Facebook crunches data algorithms to develop products and make startling insights about us (like my memory of the day from 5 years ago, or a compelling video of my 10 years on Facebook).  The main people that do this ‘magic’ might be in the US, but if our data is the EU and there are rules about data protection, how do I get the data between two places?

The safe harbor agreement – or to give it the full title International Safe Harbor Privacy Principles*  – provided a simple framework of self-regulation for US based companies to comply with the much more stringent EU data protection rules.

For the past 15 years, we have been able to sleep easy at night, knowing our data is being handled professionally, safely and with the respect demanded by anything which has the very bossy title ‘Directive’.

What’s changed? 

On Tuesday 6 October the European Court of Justice issued a ruling on the Safe Harbor pact.  This basically changes what has been the ‘established agreement’ on data and requires addendums – further additional protections.

The reason – quite simply, data may not be safe from US snooping.

As a result of Edward Snowden’s revelations (remember him, now lives in Russia after revealing secrets about US security operations and having them published in the Guardian?), an Austrian lawyer took Facebook to court in Ireland (their EU HQ), over the fact that data was stored in the US.  It’s not so much the fact it was being used in the US, as the way the data was being used – for example stuff he’d deleted was being kept over there.

If Snowden’s allegations are correct the US National Security Agency are snooping on the data and able to use it. You could argue they can see my holiday snaps on Facebook anyway (they’re welcome, I offer slideshows for the slow-to-say-no, too), but of course, it’s the principle that is the issue here.

The ruling basically states that “The United States … scheme enables interference, by United States public authorities, with the fundamental rights of persons…”

After years of happy compliance by thousands of companies it’s fair to say this was a bit of a surprise.

Yes, yes, yes, but what does it mean for ME?

Well for you personally, it might mean lots of things. But we’re primarily concerned with what this means for charities and organisations we work with, and the tools they use.

Number 1: Not everyone will be impacted. Remember this applies to companies who move data between the EU and US.  In many cases, providers use data centres in the countries they serve to avoid having to worry about things like this.

Number 2: In most cases where data is transferred its usually for a reason or a purpose which is clear. And most of us have nothing to fear from the NSA or other alleged agencies which may allegedly (see what I am doing here … ) ‘snoop’ on the data.

Number 3:  There is always a period of compliance with changes in Directives like this.  This period will start now and so this won’t, for many, be something that is solved overnight.

If you use Salesforce, it’s pretty easy to deal with

Salesforce is one of the organisations that relies on this agreement for some areas of its work.  Salesforce are one of the companies that have acted *super* quickly (to use an Americanism).  They have already been in touch with users with their immediate response and actions that you need to take.

Their email notes:

At Salesforce, trust is our #1 value and nothing is more important than the success of our customers and the privacy of our customers’ data. In light of the ECJ’s decision regarding the EU-US Safe Harbor Framework, Salesforce is immediately making available a data processing addendum that incorporates the European Commission’s standard contractual clauses, commonly referred to as “model clauses”.
The addendum ensures customers may continue to validate transfers of personal data under EU data protection laws.

They’ve issued a tool-kit of what to do, and it’s easy as 1, 2, 3

  1. Download the data processing addendum with the model clauses – handy link here to this data processing addendum
  2. Complete and sign
  3. Return to dataprocessingaddendum [at] salesforce [dot]com

They’ve also set up an FAQ page, which is sure to be one to watch with responses over the next few days.  There’s already handy info on the page (again, with the handy linky thing)

Our advice for other tools  and services

If you’re not a Salesforce user, what then?   The advice is really quite simple.

If you’re concerned about your CRM or other platform providers – do they have operations in the US?  If no, there’s no reason to worry.  If they do, watch your inbox.  If you want to be act now while you’re thinking about it, check their website and if there’s nothing there get in touch with your account manager to ask if there is an impact for you – they will likely tell you that something will follow shortly when they’ve had time to respond.  This will be soon.

But its not just CRM.  Check the digital tools you use.  Social media management platforms, email providers etc may all be US based or work with this pact.  Equally, they may not.  In this instance, we’re suggesting that you wait for an email from the provider.  You may also see a a notice or flash warning when you log into the site.  Read it and take the necessary action.


  • * EU Directive 95/46/EC for those of us who like to be really, really specific and look things up. Read all about it via Wikipedia (with all the usual caveats related to the use thereof), just like I did
  • Articles in The Guardian and via the BBC  News website are a good place to start for more information

Did you know the average direct debit is £20 per month ?


Earlier this week BACS, the organisation behind Direct Debits, put out figures which on headline examination seem to show that the average gift given to charities by this medium is… *drum roll please* … £20.

We had to do the maths to believe it

£20! As direct debit giving is the standard regular giving method, this should mean an average monthly amount of £20. To say I was gob-smacked is an understatement.

We had to white-board it out in the office to check that £1.2bn over 60m donations equated to… £20. And it did.

Is this direct debit gift really average?

I like to think of myself as a fairly generous charity donor, and I like direct debit. But the most I give to one of the 12 charities I commit to is £15, and that was through a self upgrade process over the years, as I decided to give more as my income went up (and I used to work there, and saw first hand how the money is spent – which helps).

The lowest is £2, and the average is £7. Nowhere near the £20 per month BACS indicate. And the many charities I have worked for have all aimed for a critical mass of small donations, but from a large pool of people, to enable them to work towards their mission.

Not one started with an ask of £20. Or £10. But in the main £2, £3 or £5.

Battersea Dogs and Cats Home is a great example of how a concerted push from a small start can change the income profile of an organisation, taking it from deficit to surplus in less than 5 years.

Start small and build up

I was somewhat relieved then to read Joe Saxton’s latest blog on the matter, which argued for a low starting point, and indeed seemed to defend that as a worthwhile donation over time.

With good and timely impact reporting the charity can ask for more, or if you’re strange like me, the donor may decide to upgrade themselves. Either way, the £2 is the starting point, the relationship is made, and the onus, rightly, is on the charity to either do the great things promised with the £2 and/or show what could be done with more – and have a programme to upgrade and develop.

I look forward to the next charity that approaches me for £2 a month, and tells me what it can achieve, as they might get it. Anyone who asks for £20 is likely to get an ‘on yer bike’ response in the first instance. But perhaps I’m not as generous as I thought. The direct debit figures certainly imply that.

What do you think?

What do you think? What is the best ask for direct debit giving?  A low starting point to build on, or a higher point that aims to be more impactful from the off?

At what point would you start giving to a charity, or at what point would you start to pay attention?  Let us know in the comments below …


The first rule of data club …

Last week on Monday afternoon I was very happy.

I was happy because I was in a room with 80 people who wanted to learn more about how to maximise their fundraising return using data. I was happy because I was leading a session at the Institute of Fundraising’s National Convention with a fellow data lover, Steve Thomas.

And I was happy because I knew we had great gifts to give. Not just nuggets of powerful information, but badges too, and ‘I *heart* data’ badges at that! At the end of the session, Steve and I had successfully initiated 80 new folks into Data Club, the first rule of which is you have to talk about Data Club. We had 80 new believers, each with their own badge. We had to stop some folks taking more than one.

The day got even better when the Institute of Fundraising National Awards that evening included an award for ‘Best Use of Insight’ for the first time and, in doing so, brought data into the main Awards arena.

Hats off to the IoF Insight SIG for gaining recognition for data analysis and implementation. And, after just two years of their own awards, for placing an insight award front and centre of fundraising. Well done too, of course, to CRUK who used data insight to turn an expected 5,000 ‘Dryatheletes’ into 35,000, and raising £4m in its first year of the campaign. Impressive.

So, what’s my obsession with data? Well, of our ‘Top Ten Tips’, a key starting point is that we’re all data. Yes – you are, I am, and our supporters are. So don’t think data as such, think people. And then you have more respect and take more care.

One tip is to keep things ‘clean and respectful’. What’s that all about? Well, unless you cleanse your data on a regular basis and employ good data protection practices by respecting when people do and don’t want contacting, then you’re wasting money and, likely, annoying people. Not good for the ROI. If you know what people want and who they are, and are recording how they behave, then you can start to segment. And segmentation can be a beautiful thing for growing relationships, which is what it’s all about (as any good fundraiser will tell you!). We moved away from transactional relationships a good while back and now it’s all about the journey. We had lots more top tips and, if you want to see the slides, follow the link or flip through them below.

If you want to know more about our love of data and what it can do to maximise your fundraising, come for a coffee, croissant, and a chat at the Purple Vision Data Breakfast on July 30th. It’s all about big data – what does it mean, what are the key challenges and how to start addressing them.

First rule of Data Club? Talk about Data Club.

Second rule? Wear your badge with pride.

Like these good folks from Battersea Dogs and Cats Home – out and proud about their love of data and demanding more badges! We’ll have more up for grabs at the Data Breakfast, so sign up now to secure your place.


See you there.



Data in Direct Marketing: Past, Present, Future

This week we’ve been at the Institute of Fundraising’s National Convention, the biggest event for fundraisers in Europe. It’s a tremendous event – 2,000 people attend – and the content is fabulous.

Our own Dawn Varley presented on a subject close to her heart – data! Alongside Simon Freeman, Supporter Analysis Manager at Save the Children, and Jonathan Moxham, Database Marketing and Analysis Manager at the British Red Cross, Dawn delivered a session entitled ‘Data in Direct Marketing: Past, Present and Future’.

Dawn’s role was to describe the ‘Future’ of data in direct marketing – here are her predictions, heavily laced with a huge dose of common sense!

What does the future hold?

There’s a lot going on in the world of data and data systems at the moment. Some folks think ‘the cloud’ is the answer (sometimes without really knowing the question) and others think gobbling up more and more data (BIG data!) will give insights we didn’t even know we needed! Amongst all this we have the shifting sands of technology suppliers and the systems they offer. Is your database really going to serve your charity well for the next 10 years or will something more shiny revolutionise your fundraising? All these questions and no real answers. And I don’t have answers either – but here’s what I think …

‘The Cloud’ – means many things to many people, and is one of those buzz words banded about without much thought as to what is really mean by it. It can mean a myriad of different things – it’s the context in which it is used that defines it.  There’s no doubt that ‘The Cloud’ offers us great options to do things in different ways, from removing IT infrastructure to storing our data in the ether rather than in a ‘traditional’ model sat in the office such as thankQ, Care, Raiser’s Edge etc. But for the subject at hand, data in DM, these things matter not.

BIG data is cool, it’s out there, and it can add layers of insight that we never thought possible. But for charity DM right now, it’s not the immediate future – small is where it’s at. ‘Small’ data is YOUR data – the stuff sat in your database about your supporters, and it’s more important to get that in good shape (clean, robust and meaningful), have it understood (a data dictionary exists) and be worked well (you have a data strategy which matches your fundraising strategy), than to start getting fanciful about the BIG stuff. For charities, the land may lie very differently in 20 years’ time but, for the short term, make sure your house is in order.

Before considering my predictions, we need to be sure not to forget the past. ‘Study the past, if you would divine the future’ said Confucius – and I agree. The future needs to be built on the foundations laid in the  past – so the basic, solid and critical stuff we know about DM remains the core. We need to apply a robust RFV model to ensure we’re looking at the most responsive (aka profitable) sections of our supporter bases – and adding more segmentation and analysis will help target what should be the cream of the crop (the past and present as dealt with by my co-presenters Simon and Jonathan). But, looking forward, the key question is what do we need to add to that to maximise return for charities?

Prediction 1 – the future is indeed mobile

There were more than 100 sessions at the IOF’s National Convention this week, and it seems that most have the same prediction– that mobile devices are the future of fundraising. I’d agree, but with an important caveat. Yes, these are now essential devices – always with you, always on, and always demanding of your attention (Google ‘continuous partial attention’ – fascinating stuff) – but we can only start to make this a meaningful channel for fundraising if we have the data to join up the dots.

If I donate to your charity by SMS, and am also a regular donor by DD, do you know I am one and the same? How? You will only know this if you have my mobile number on your database, so you can match my SMS donation number to the mobile number you have on my record (most likely created when I took out my DD). The vast majority of charities won’t have that, and don’t have plans to capture that information at the point of sign-up. Start now!

Crucially, don’t lose sight of your best supporters. If Dorothy Donor is your number one supporter, you are less likely to engage her via this channel. Don’t get too distracted by the shiny, exciting digital stuff when what you need is a good banker postal pack and a robust legacy programme. Digital won’t meet all your targets whereas the offline tried and tested techniques will be the mainstays of income generation for many years to come.

Prediction 2 – it’s social

Communications, therefore marketing, therefore fundraising, has moved from broadcast to interactive, especially for online activity. We have to listen, interact and respond if we are to maximise fundraising. Some would say it’s relationship fundraising – who was it that said that?! But it’s not just about organisation-to-supporter relationships. A new report out this week states that 51% of the charity audience is online; that 30% of donations come through online methods, and that (brace yourself) 90% of online donations are made through online giving sites.

What that means is that it’s highly likely not to be you, the fundraising expert, who is asking for this money. It’s all those supporters out there who are throwing themselves out of planes, running marathons, or just asking for donations (instead of presents) for special occasions.

And whilst these people are just fantastic (we love them) they are not professional fundraisers – so we need to transfer some skills to help them maximise their ROI (and tell them what that is)!

We need to support our armies of fundraising supporters, and provide them with the tools and skills to make the most of their energy and commitment. They need to know the Fundraising 101’s:

  • People fundraise from people
  • Stories are critical
  • Know your case for support and how to express it
  • Make the ask, repeatedly where necessary

Prediction 3 – Data and tech and teams

In the future, the most successful fundraising organisations will have realised the importance of data and the technology that captures, stores, analyses and works it. Plus, they will have their house in order.

  • Get your data in order – capture the right data, at the right time, in the right way. And use it intelligently. Information is everything (think of Amazon or Tesco in the commercial world).
  • Get your technology in order – fit for purpose, future proofed systems which, crucially, can talk to each other easily and that people like to use (Google, Facebook, Just Giving).
  • Get your teams in order – silo working helps no-one – invest in the ways you work inside your organisation and get your people talking.

Ideally, when doing all the above, do it by stealth. It breaks my heart to admit this, but people generally don’t get excited by data, or technology, so present it in fundraising terms – it’s about raising more money, more easily, and more efficiently. Honest.

Prediction 4 – DM basics remain true

As much as things change, they stay the same. Ensure you keep your DM basics close to hand – the principles remain the same across all channels:

  • Right message, right time, right person (who remains Dorothy Donor in most cases – never forget you are not your donor, and the future is not now)
  • Your case for support is everything: Stories, told by people
  • Collect the data, analyse the results, act on the knowledge, test where you can. Digital routes make testing easier & quicker

And as a final reminder to not get distracted by the shiny, exciting digital stuff too much, I’ll close by saying:

Learn from yesterday, live for today, hope for tomorrow.

The important thing is not to stop questioning. Albert Einstein