What You Should Know About GiveGab Enterprise and GDPR
Most likely you’ve heard about GDPR, or the General Data Protection Regulation, taking effect for EU residents effective May 25, 2018.
Why does this matter to you? Because all organizations working with the data of EU citizens will need to be compliant. Though the concept of data security is understood by many, the actions which organizations need to take for GDPR is not.
As a customer of GiveGab who is using our donation forms through GiveGab Enterprise to process transactions, you will likely want to be familiar with and take action on a few items. In terms of reviewing the information on GDPR and our recommendations, keep in mind that you are considered the Controller and GiveGab is the Processor.
1. Review GiveGab and GDPR Policy
First, please review and familiarize yourself with our policy related to GDPR. This will inform you on how you can respond to EU resident inquiries and requests should they arise.
As the Controller, you will be responsible for receiving and approving any “right to be forgotten” requests.
You would also need to pass those requests on to the Processor, GiveGab, in the case of a donor using the Enterprise Platform donation form for your organization.
2. Actions for Your Organization
Second, consider what general actions your organization should take in relation to GDPR. Based on the recommendations of most legal teams, you will most likely want to add information about your compliance in two or more places.
In regards to your use of the Enterprise Platform for donation and informational forms, you should review your organization’s email branding and form receipt content and determine if a note about GDPR should be added in the lower section of the receipt.
GiveGab recommends this and most organizations will wish to do so to ensure their donors can easily locate the information should it be necessary.
3. Updating Your Website
You should also consider adding information to your organization’s website. This might be in the form of additions to your Privacy Policy or Terms, adding content to a form’s footer (such as when your form is embedded on a website you do not control), or other methods, depending on how your organization has chosen to provide information to donors.
You will want to ensure you indicate how you handle requests related to GDPR and a donor’s data. You will also want to ensure your policy and process aligns with any vendors, such as GiveGab, which you use.
If you have questions about how to modify your receipts or regarding the GiveGab Enterprise GDPR policy, please email us at enterprise-support@givegab.com or contact our Data Protection Officer (DPO) by emailing dpo@givegab.com.