2. Jon Dartley, Ph.D (Attorney, Perlman & Perlman, LLP)
Joseph Gomez (Business Development Director, Production Solutions)
Rayna Clarke (Senior Account Manager, Tripi Consulting)
Lisa Maska, CFRE (Partner, Lautman Maska Neill & Company)
4. GDPR
What You Need to Know and Do Today
Presented by
Jon Dartley, Ph.D
Attorney, Perlman & Perlman, LLP
Please be advised that the information provided in the presentation is for general
information purposes only and is not to be construed as legal advice.
6. What you need to know about GDPR now
To whom does GDPR apply?
The regulation applies to all organizations collecting, processing, using and/or storing the personal data of affected individuals, regardless of the organization’s location.
This includes U.S.-based companies who touch EU citizen and resident personal data such as: name, address information, email address, racial or ethnic data, political opinions, religious or philosophical beliefs, trade union membership, health and genetic data, biometric data and sexual orientation.

Why are we just discussing this now?
While certain clients have been working on their compliance approaches for some time, others may not yet realize GDPR’s applicability and, either way, they may need our help to gain assurance on their progress or to jump-start their compliance efforts.

What are the penalties for noncompliance?
After May 25, 2018, fines for non-compliance are €20 million or 4% of global revenue – whichever is greater.
The enforcement posture remains to be seen, but expectations are that, at a minimum, organizations experiencing any type of (publicly known) breach may be likely enforcement targets.
7. Myth or Fact?
GDPR Applicability
The GDPR doesn’t apply to my organization because…
• We have no offices or employees in the EU
• Our EU membership / contact list is small
• We are a nonprofit
• We are a service provider
• The information we hold is anonymous
The bottom line is that the GDPR applies to any organization that collects and holds “personal data” of individuals residing in the EU, regardless of the organization’s location.
8. Risk of Noncompliance
• Reputational concerns
• Loss of opportunities
• Disruption due to regulator inquiries
• Fines
10. New Obligations Related to Personal Data
• Transparency
• Right of Access
• Right to Erasure
• Right to Restrict Processing
• Right to Data Portability
• Right to Object
11. Higher Bar for “Consent”
Counts as consent:
• A clear, affirmative act
• Ticking a box
• Technical settings that record/verify acceptance
Does not count as consent:
• Silence
• Pre-ticked boxes
• Inactivity
• Too broad
12. Example of Acceptable Consent
👎 I hereby consent to the processing of my personal data for the prize draw, and for general marketing purposes, and other related activities.
👍 I hereby consent to the processing of my personal data for the prize draw.
13. Additional Requirements
Responsibility for Third-Party Vendors
Controller vs. Processor
Limits on Data Retention
New Data Security and Breach Notification Obligations
15. Immediate Actions to Take in Light of GDPR
1) Evaluate current compliance – Review compliance across the organization
2) Update website and applications: privacy policy and cookie notices
3) Vendor contracts: complete data processing addendum and review for additional changes
4) Explicit consent: Review past and current practices to determine compliance
5) Design and implement compliance systems to comply with the GDPR: the right to be forgotten; portability, etc.
16. Privacy is here to stay
Organizations Must be Proactive
Canada
• PIPEDA – Personal Information Protection and Electronic Documents Act (2000)
European Union
• GDPR – General Data Protection Regulation (2016)
• Privacy Shield
• E-Privacy (2002)
• EU Member Regulations
United States
• CCPA – California Consumer Privacy Act (2018)
• COPPA – Children’s Online Privacy Protection Act (2000)
• HIPAA – Health Insurance Portability and Accountability Act (1996)
• GLBA – Gramm-Leach-Bliley Act (1999)
• Other U.S. state regulations
China
• CSL – Cybersecurity Law of the People’s Republic of China (2017)
United Kingdom
• Data Protection Act (2018)
• PECR – Privacy and Electronic Communications Regulations (2003)
Australia
• APP – Australian Privacy Principles (1988)
India
• PDPB – Personal Data Protection Bill
Philippines
• Data Privacy Act (2012)
Brazil
• Brazilian Internet Act (2014)
• LGPD – General Data Privacy Law (2018), effective 2020
Malaysia
• PDPA – Personal Data Protection Act (2010)
New Zealand
• Privacy Act (1993)
17. Wake-up Call
The Number of Organizations Experiencing Loss of Personally Identifiable Information Grows Each Year
According to a report from the Identity Theft Resource Center and CyberScout, organizations face a greater risk than ever of having their data stolen: the total number of personal records exposed more than doubled in 2018.
Costs also continue to rise:
• The global average cost of a data breach is up 6.4 percent over the previous year, to $3.86 million.
• The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year, to $148.
18. Why is Protecting Data Important?
• Data is a valuable organization asset, like any other
• Data is at a higher risk of theft or misuse than ever before
• Loss of data can have long-lasting consequences
  – Reputational harm
  – Loss of donor trust
  – Financial penalties and costs
  – Legal liability
• Organizations have obligations to protect data
  – Laws, regulations, guidelines
  – Contracts with third parties
  – Privacy policies
19. Best Practice – PII Audit
Ask what, why, who, where, how and when about your data:
• What data does your organization collect?
• Why is the data collected?
• Who has access to the data?
• Where is the data stored?
• How is the data protected?
• When is the data deleted?
20. Best Practice – Review Vendor Agreements
Organizations are increasingly relying on third parties to provide critical services and to host PII of their donors and employees. Unfortunately, these vendor contracts are typically extremely one-sided in favor of the vendor.
Review contracts with vendors that collect, process or hold your PII for:
• Privacy and Security
• Limitation of Liability
• Indemnifications
• Breach Notification
21. Best Practice – Implement Data Retention and Destruction Policy
Get Organized
The first step in any retention policy process is to organize the data you already have.
Get Informed
State, federal, and tax laws may vary with respect to what data and communication you are expected to retain and for how long. You will certainly want to consult legal counsel at this point.
Get Backed Up
No policy in the world can help you if you don’t implement physical methods of ensuring that data is protected until you decide to take action on it.
Get Destructive
Backing up takes care of the material you need to retain indefinitely; you need equally robust procedures for destroying data that you decide not to retain.
22. Best Practice – Cybersecurity Insurance
• Identify your unique risks
• Match your insurance to your company’s risks
• Beware of exclusions
• Consider coverage for acts by third parties
• Negotiate for an early retroactive date
• Understand the “triggers”
• Evaluate coverage for data restoration costs
• Consider coverage for loss of information on unencrypted devices
• Consider coverage for regulatory actions
23. Where to Go for More Information/Updates
iapp.org/news/daily-dashboard/
jon@perlmanandperlman.com
27. Postage & Production
A changing, volatile world for your direct mail program.
Joe Gomez, slide 1
28. Being Prepared is Your Best Plan
Effective research, planning and preparation insulate your direct mail program.
✓ Why the paper market has changed and how it is affecting you
✓ How to save money on postage
✓ China Tariffs – What’s Next?
✓ Planning for the future – risk management
✓ USPS Informed Delivery
✓ Marketing Mail & Flats Requirements
30. What Is Causing Our Current Paper Market Woes?
❏ Consolidation
❏ Paper Manufacturers
  ❏ Converting to more profitable products
  ❏ No longer stocking low use items
❏ China
❏ Simple Economics – Supply & Demand
31. Navigating the Paper Market
❏ Pre-planning is the first step
  ❏ One year out if possible
  ❏ Adding estimated increases to the annual budget is a double-edged sword
❏ Give longer lead times on specialty stocks
❏ Work closely with your production partner
❏ Print full tints rather than ordering colored stocks
❏ Stay informed, and use that information strategically
32. Postage Cost Containment
Start with a Postal Audit
❏ Goal – Compare cost to delivery time
❏ Different products based on program volume
❏ Options:
  ➢ Standard Presort
  ➢ Drop ship / Co-pal / Comingle
❏ Additional – re-test 1st class segments & paying for reply mail
33. USPS 2019 Mailing Incentives
➢ Tactile, Sensory & Interactive Promotion
➢ Emerging and Advanced Technology Promotion
➢ Earned Value Promotion
➢ Personalized Color Transpromo Promotion
Mobile Shopping Promotion
• Active: August 1 – December 31
• Registration Period: June 15 – December 31
• Up to 2% of eligible postage
Informed Delivery Promotion
• Active: September 1 – November 30
• Registration Period: July 15 – November 30
• Up to 2% of eligible postage
34. China Tariffs – What’s Next
➢ The Office of the United States Trade Representative (USTR)
➢ May 10th Increase
  ➢ Some items that already had an additional 10% tariff applied were hit with another 15%
➢ What you need to know:
  ➢ Not all items are subject to the additional tariffs
  ➢ Work with your partners to review import items
➢ What’s next?
  ➢ Potentially a new 25% tariff on additional items, hitting previously spared goods such as apparel, electronics, toys, and other household goods. A public hearing will be held on June 17th.
35. Mail Tracking: Information Tool & Risk Management
✓ Complete transparency on distribution
✓ Launch E-mail or TM campaigns
✓ Return mail tracking – budget forecasts
✓ Warm blanket when issues arise
✓ Inexpensive
36. USPS: Informed Delivery
✓ Simple and inexpensive
✓ Get additional impressions to donors and prospects
✓ Still in its infancy, with plenty of opportunities on the horizon!
37. USPS Decision on Marketing Mail and Flats Requirements!
Bonus for 2019
✓ Grassroots efforts of NPOs & fundraising associations were heard by the USPS
✓ Over 4,700 opposition letters sent
✓ Result – No changes to current requirements
39. Tooting Your Horn to Build Trust:
EVERYTHING YOU NEED TO KNOW ABOUT FEATURING WATCHDOGS, ENDORSEMENTS, AND TESTIMONIALS
Rayna Clarke, Slide 1
40. Why Feature Endorsements?
• Build trust with your donors and prospects.
• Announce new awards or ratings.
• Communicate that you value transparency.
• Give a quick snapshot of your financials.
• May boost response. Always test!
42. America’s Best Charities
• ABC is a nonprofit that works as a liaison between charities and the Combined Federal Campaign (CFC); ABC uses the CFC’s application process for its membership.
• Any ABC member can use the “Best in America” seal.
• ABC’s only DM-related requirement for application is: “Applicants' fund raising materials and other information to the public must be truthful and nondeceptive.”
• Cost: requires both an application fee and (if approved) a listing fee; these are set by the CFC, are updated each year, and use a sliding scale based on the organization’s budget.
43. BBB Wise Giving Alliance
STANDARDS MOST RELEVANT TO DIRECT RESPONSE:
• Standards 8 and 9: Program Expenses and Fund Raising Expenses
  Maximum 35% of total expenses to fundraising, minimum 65% to programs.
• Standard 18: Donor Privacy
  Must offer an exchange opt-out at least once per year for all donors who are solicited via the mail. Must also offer a comprehensive privacy policy on the website.
• Standard 15: Accurate Materials
  Relevant info: solicitations must not be misleading or outdated.
44. BBB Wise Giving Alliance
STANDARD 15: ACCURACY OF MATERIALS
Source: www.give.org/for-charities/How-We-Accredit-Charities/
45. BBB Wise Giving Alliance
STANDARD 15: ACCURACY OF MATERIALS
So how does this affect our acquisition control?
For any photos or stories in your control package, ensure nothing is presented in a misleading way, and identify the year that the photo or story is from. This can be done most easily and unobtrusively in a photo credit or caption.
The same strategy can be used in renewal appeals to ensure accuracy, and is overall a good practice to maintain transparency.
46. BBB Wise Giving Alliance
SEAL LICENSING COSTS:
Annual fees are on a sliding scale, “based on the level of total contributions received by the national charity in the past fiscal year” (excluding government grants and in-kind gifts).
Total Contributions      Annual Seal Licensing Fee
< $1 Million             $1,000
$1M - $4.9M              $2,000
$5M - $9.9M              $3,500
$10M - $19.9M            $4,750
$20M - $39.9M            $6,000
$40M - $49.9M            $6,750
$50M - $74.9M            $11,000
$75M - $99.9M            $12,500
$100M - $124.9M          $16,000
$125M - $149.9M          $17,500
$150M - $174.9M          $20,000
$175M - $199.9M          $22,500
$200M - $299.9M          $25,000
$300M - $499M            $27,500
$500M+                   $30,000
47. Charity Navigator
• Rating system is one through four stars.
• Rating criteria are based on two broad areas of a nonprofit: financial health, and accountability and transparency.
• Charity Navigator does not accept any fees from the nonprofits it rates, in order to remain objective.
48. Charity Navigator
STANDARDS MOST RELEVANT TO DIRECT RESPONSE:
• Website Privacy Policy
  Nonprofits should have a written donor privacy policy on their website, which informs the donor how their data will be used.
  Charity Navigator categorizes privacy policies in three ways: yes, opt-out, and no.
  If a nonprofit rents or exchanges its donor list, it should specify this in the privacy policy and provide a way for donors to opt out.
50. CharityWatch
• Rates on a letter scale, A to F.
• Rating is based on two metrics: program % (total percent of expenses spent on programs) and cost to raise $100, within the rating year.
• Receiving a rating is free for nonprofits, and CharityWatch chooses whom to rate based on member requests.
Source: www.charitywatch.org/charitywatch-criteria-methodology
51. CharityWatch
STANDARDS MOST RELEVANT TO DIRECT RESPONSE:
• In CW’s evaluations, joint cost allocations (i.e., educational content) within fundraising appeals are adjusted out of program expense totals.
• Highly-rated organizations must have a clear privacy policy and a way for donors to opt out of data exchange.
Source: www.charitywatch.org/charitywatch-criteria-methodology
52. GuideStar
• Assigns seals of transparency, which rank from worst to best as: bronze, silver, gold, platinum.
• Seals are cumulative; a nonprofit must have bronze to become silver, etc.
• Each new seal is gained when a nonprofit enters more information into its GuideStar profile.
• There is no cost to create a profile or gain a seal.
53. Examples of Other Endorsement Options
INDUSTRY-SPECIFIC GROUPS & AFFILIATIONS
PRIZES & ACCOLADES
54. Examples of Other Endorsement Options
“BEST OF” LISTS
TESTIMONIAL QUOTES & MEDIA FEATURES
• Praise from public figures with good name recognition (always test this!)
• Article quotes from prominent media organizations
AND DON’T FORGET TO SHOUT OUT YOUR FINANCIALS
… as long as they’re good!
55. Endorsement Audit
Our office conducted an audit of the following for all endorsement and financial information:
• Renewal appeals we received in the mail over several months from November 2018 to early 2019
• Acquisition packages we received in the mail during the same time period
• Website donation pages of organizations featured on Charity Navigator and Consumer Reports top/best charities lists
69. Considerations
• If your rating changes next year, will you need to reprint stock?
• Will this endorsement resonate with my audience?
• How many endorsements do we need to get the message across?
• What cost is worth it for our organization to secure an endorsement?
Icons designed by Freepik via flaticon.com