Case Study: Alumni Affinity Groups Done Well

As marketers, new regulations around data and communications might make us worry. But the GDPR presents opportunities to build goodwill and serve your people better.

When new rules are first introduced, our first reaction is often fear of administrative burden, challenges of compliance, and of punishment if we don't meet the standards.

But every one of the recent data protection laws, CAN-SPAM, CASL and GDPR, are created to provide better experiences for the clients who trust us to keep their data.

In this way, they’re perfectly aligned with our ideals for ourselves and our clients: to be helpful, transparent, and provide valuable, relevant information. Trouble comes when there's little regard for the constituent's interests and when there's poor stewardship of their data.

Complying with the GDPR requires effort for every business with a marketing engine. But doing the right thing for your customers builds goodwill and leads to growth.

Here's super-brief summary of what you need to think about in terms of the GDPR and marketing to your constituents:

The GDPR requires that you enable your constituents to specify exactly how they want to hear from you.
The GDPR requires that you disclose details about how you collect and process data - who you partner with on it, and what your policies are. The “right to access” and “portability” mean your constituents should be able to obtain, upon request, a copy of their data, and see what they've signed up to receive.
The GDPR requires that you honor your constituents “right to be forgotten.”, which means you won't be wasting your time trying to communicate with someone who doesn't want to hear from you. But there may be some valid reasons to retain certain data, such as a record of a donation or event attendance. You'll want to discuss this with your legal team and clearly define how you will handle this, and even include it in your privacy policy.
The GDPR requires consent or legitimate interest to retain and process a constituent's data. This leads to more engagement and fewer opt-outs. If there are constituents in your database that you don't have opt-in records for, you should review with your legal team to determine if you have lawful basis to retain them. Lawful basis can be proven if it's necessary to keep the information to perform a contract (i.e. they are a member of your alumni association), you can demonstrate that they have "legitimate interest", or you've received opt-in consent to a clear statement of what you're using the data for.

Remember, if you've lost track of the opt-in status (or never confirmed opt-in), you can run an opt-in confirmation mailing. Emma offers some great advice on how to execute a campaign of this type in this help document.

The GDPR affects many areas of business - from technology in your website stack to privacy policies and internal processes, to legal documentation. Not only is compliance the right thing to do, but the fines for non-compliance can be staggering - tens of millions of dollars or up to 4% of an organization's annual revenue.

To learn more, straight to the source, visit the official GDPR website of the European Commission at ec.europa.edu.