Fundraising Data- Part 3: Own Your Data

March 13, 2020      Ilja De Coster, Director of Data Strategy, DonorVoice

Looking back at the implementation of the General Data Protection Regulation (GDPR) with nearly 2 years of hindsight, it seems that almost everyone went crazy on the issue of consent and that pendulum is only now just starting to swing back to sanity.

What was lost in the scramble and panic over consent was any serious attention to the ultra-important issue of owning your own data.  This is a lesson not only for those organizations subject to GDPR but for everyone, everywhere who will increasingly be faced with privacy regulations.

GDPR makes a quite strong distinction between being a ‘data controller’ and being a ‘data processor’. The controller is the ‘owner’ who ‘determines the purposes and means of processing personal data (Article 4.7 GDPR); the ‘processor’ is a more technical provider who does something with the data on behalf of the controller, but only under instruction of the controller (art.4.8).  Of course reading The Agitator is far easier than reading legal texts, but do take time to read Chapter IV of GDPR here.

In theory, the organization can freely decide who is the ‘processor’ and who is the ‘controller.’  In practice, the charity should always be –and remain– the only controller. Any F2F agency, TM agency, DM agency, online platform (yes, even the DonorVoice Feedback Platform…) should always and only be the processor. Processors have no right to determine what to do with or share your data – that is your role as controller. Unfortunately, in my experience several F2F agencies and DM agencies claim to be the controller, and few charities seem to care.

The Important Distinction Between ‘Controller’ an ‘Processor’

Why is this an important distinction?  One of the main—and best– provisions in GDPR is that it makes clear the controller is the boss; the processor should always do what the controller says.

What happens if the nonprofit isn’t the controller?  Any of the following:

  • Your DM agency uses your donors to send gift requests on behalf of another charity, even without you having to give them your donor data for this swap. As the controller, they hold the power.
  • Your F2F agency can choose to share with you only the net signups: only those donors who remain after any quality checks or welcome calls. You might think this is only what you need. But if this is the case essential quality issues will be hidden from you: you don’t see early no shows and you’ll never get valuable feedback from those donors who felt forced into giving or otherwise had a lousy giving experience. Consequently, you’ll never be able to fix that part of the donor experience.  And you won’t be able to work to re-recruit those donors, whether as monthly or one-time donors.
  • Your payment processer would only share the total recurring direct debit income for that month. Enough for your accountant, but you’ll never see exactly who is staying or leaving. And you can’t initiate any specific intervention if you don’t have that insight.
  • Your social media platform will give you names and amounts of online donors, but no contact details. No worries, you think: we can just use the ‘communicate to my donors’ button on that platform, but outside that platform you’ll have no way to reach out to your donors. And, as Nick has discussed, this has become more and more where you need to pay every time you want to reach these donors.

Owning Your Data is Key to Building Donor Relationships

Owning your data is the key to building donor relationships and to sharpening your donor experiences. Only when you have the full data can you independently analyze and understand what is happening with your donors. From this, you can generate insights to act on.

Whenever I meet a fundraising agency for the first time, I’m quite direct with them: “Hey guys – I’m not interested in your reports; I might trust you, but your reports are useless for me. I’m interested in your raw data, all of it. And remember, I’m the controller, you are the processor – so don’t start to argue on privacy or data security: all that data is mine, give it to me or I won’t work with you.”

Why? Because having the raw data is what’s necessary to do predictive analytics (and build donor identity on your own terms).  When you have the raw data, you can benchmark against other agencies and historical data.  Benchmarking based on reports an agency generates when you have multiple agencies is like comparing apples and oranges.

The extreme of not owning your data is data hijacking by vendors. Roger talked a lot about this here and here. It is about vendors trying to prevent you from leaving them for another vendor, creating unethical barriers to exit.

Yes, having a decent legal contract in place making clear you are the controller is great, but not enough.

Here are two little secrets to avoid any risks of data hijacking.

  • When procuring new data systems ask in detail about its export functionalities: how I can get my data out in bulk, with as little button pressing as possible. I check whether I can get direct SQL access to the main data… I check their API documentation on any ‘GET calls’ I could do… If the system does not give me enough autonomy to get out all data when I like – I simply won’t buy the system.
  • Once the system is activated, I regularly do just that: dump all my data out of that system, simply for the purpose of storing it elsewhere. In some case I even automate it using my ETL-server – but if you can’t automate, spending about an hour each month to manually dump everything is worth doing to assure your organization’s autonomy.

No matter how much I trust a vendor, trust is built by being able to act in case of mistrust or misunderstanding. When I know I have my data, only then I can I properly deal with my vendor.

Yes, there is a downside of being your own data controller: you do have responsibilities if you want to earn and keep your donors trust.  Make no mistake.  Whether you are or are not the controller your donors will hold you and you and your organization responsible.

Ilja

 

3 responses to “Fundraising Data- Part 3: Own Your Data”

  1. Jay Love says:

    Ilga and Roger,
    I am guessing by the lack of replies to your outstanding post and excellent best practices, we are seeing what is an unfortunate reality in the nonprofit world. Namely, that very few people even at large charities can actually work with large amounts or even moderate amounts of raw data.

    When I help create the very first on line database/CRM with eTapestry back in 1998, we were proud to state all of your data could easily be downloaded. However, out of thousands and thousands of customers only a few handfuls ever did that. We eventually stopped showing the function in demos for fear of people falling asleep during that portion!

    Going back even further during my Fund-Master days when I ran user groups around the country, I spoke first hand to over 2,500 of our customers. I lead off every user group with four questions:

    1. What version of the software are you on? (At one user group in Chicago we had 150 people and 17 different versions being used!)
    2. Why are you not on the current version? (My favorite answer of all time was due to a premature birth of a baby 18 months earlier.)
    3. When was your last back-up of your data? (You see in those days there were no online vendors doing this multiple times per day like we do now)
    4. When was the last time you took your back-up and “restored” it to see if it was usable? (After asking around 2,500 customers there were only 7 that had every done that crucial step! BTW, all of the online vendors with true SaaS products now do this regularly!!)

    Do those answers scare you? They did me and it is a key part of why I helped create true online, built from the ground up web based systems like eTapestry and Bloomerang.

    So, I hope folks listen to what you so aptly stated in your post. But be aware there may be just a small portion who can put them into practice.

  2. Roger Craver says:

    Jay,

    For those of us who’ve “suffered” through this over years the frustration level is about as high as I’ve seen it. But only among experienced folks. Unfortunately, the issues around data are so basic, so fundamental, yet probably the least understood of any of the fundraising basics.

    All I can recommend is exactly what you’ve been doing all these years –keep pushing the rock up the hill.

    And thank you for all the pushing you’ve already done.

    Roger

  3. Ilja De Coster says:

    Indeed Jay,

    What can we do else than keeping up our missionary work?

    Greetings,
    Ilja