The field 'GDPR_Status' has been established in your iModules/Encompass database. The field can be found on the “Admin Only” tab of the Profile. This field is a marker to help you segment your constituents.
By default, all constituents will be marked as 'Unknown.’ In order to mark your constituents with the appropriate GDPR status, you will need to do a profile import. We also suggest that when you import these constituents, you also mark them so that they are not in the directory results by using the 'Is Directory Hidden' field. The ‘Is Directory Hidden’ field will remove constituents from any directory instance, but you can have your consistent opt back in. Discover more information below on how to get your constituents to opt back into the directory.
Importing and the Fields to Use
It is important to work with your data team to ensure data is being updated appropriately and routinely. The new GDPR field as well as the ‘Is Directory Hidden’ can be added to your routine profile imports. If you decide to do a one-off import to start, we recommend creating a file including the following information:
- Your Institution’s Constituent ID
- First Name
- Last Same
Click here for a file example with column headers.
If you need assistance or have questions on importing, please visit the iModules Support Center or contact our Application Support Team by submitting a support ticket or sending an email.
Furthermore, if the ‘GDPR_Status” field does not automatically generate within Encompass, you may have changed the name of your “Admin Only Information” category. Please submit a ticket to the Support Center as the iModules team will need to manually add the field and the role to your catalog.
About the GDPR Status Field
As we mentioned above, the 'GDPR_Status' has been added to your Encompass database and lives on the ‘Admin Only’ tab of the profile. Please note that there are three supported data values that are acceptable to be imported into this field:
- This will be set to all constituents by default.
- Value should be assigned for all constituents that GDPR applies to.
- A role will be assigned to any constituent with this value called 'Is_GDPR_Applicable'. Please see below for suggestions on ways to use this role.
- Not Applicable
- Value should be set to those that you know are not GDPR constituents.
(5/4/2018 – ‘GDPR_Status’ was added to your Encompass database with a null value instead of ‘Unknown’. iModules plans to update these null values to Unknown during our next maintenance window. This update will NOT impact any records that have already been updated by an import.)
Since this field lives on the profile, it can be used for querying within data viewer for further reporting.
I’m Done Importing, What Do I Do Now?
Okay, so you have determined the constituents that are GDPR applicable, now what do you do? Ultimately this decision is up to your institution, but we have some suggestions for you.
Consent to Email
In order to continue to communicate with the GDPR applicable group after the GDPR laws go into effect, you will need to receive their consent. If you elect to not obtain their consent prior to May 25th, your institution will be unable to communicate with these GDPR applicable constituents until they initiate a new transaction.
Later this year iModules will start on the roadmap items for email subscription management to better enhance and support GDPR. However, in the short term, you can create a form laying out your email categories so that you can receive consent to solicit. This will be a collection of the data and in no way communicates back to the email subscription category management.
Once the data is collected you can then use this to update your opt-outs through an email category import. You will have two different groups to address through the opt-outs. First address those users who did not respond by a pulled list of all users that were sent the email asking to update their preferences and that did not submit the form. This group will need to be opted out of all email categories.
You will also need to address those that did complete the form, but specified which communications they would like to receive. Any email categories they elected not to opt-in to will need to be imported through the email categories opt-out.
Suggestions on the form to collect consent:
- Enable Identity Checkpoint.
- Enable pre-populate profile data from link.
- Set an end date of May, 24, 2018 so that the form will no longer collect data starting on GDPR’s effective date of May 25, 2018.
- Create email categories through the email marketing system if needed and then add GDPR applicable categories as checkboxes to your new form. Be sure to use a descriptive name and descriptions for each category you want constituents to opt-in to.
- Once created, email GDPR constituents with a valid email the form link.
You can view a form example here.
Using the ‘Is_GDPR_Applicable’ Role
- Segment your emails by creating customized content sections specific to your GDPR subset of constituents within the email.
- Segment a piece of content on a page so that only GDPR applicable constituents can see the content. If you are messaging specifically to GDPR constituents, role base a content block on the homepage to ‘Is GDPR_Applicable’ so only this group will see it.
- Limit certain pages so that only GDPR constituents can view them or hide certain pages from this grouping of constituents by denying access.
- Customize fields and categories on forms. Any field or category in a form, event, donation or membership campaign can be role based. If you have specific fields that need to only be shown to and/or required for EU constituents, set the role of that field. If you have a grouping of fields that only need to be visible to those protected by GDPR, create a category with an the fields an role base the entire category instead of each field.
- Using the recipient list, you can target who receives certain email communications. If you work with third party vendors for alumni insurance you might segment these emails so that GDPR applicable constituents do not receive these emails.
If in your import you elected all GDPR-applicable constituents to be opted-out of the directory in an effort to be compliant with GDPR, you should ask them to opt back in. iModules recommends that you create a new form with first name, last name, mailing address, email and directory hidden field. All these fields should live on the profile and can be added as existing fields. This will allow you to verify any contact information for the constituent and also get them to opt back in to the directories. The ‘is directory hidden’ field can be added to your new form in combination with email categories to create a more one-stop-shop for the constituent as well as one place for you to pull reports.
Clients with a High Volume of GDPR Constituents
If a significant part of your constituent population is an EU resident and protected by GDPR and your institution would like a different way to communicate with this group, another approach would be a sealed sub-community within Encompass. To learn more about the impact and extended timeline of this option, please reach out to your iModules Account Manager.
Don’t Forget About Your Volunteers
If you have Volunteers that work within the Encompass platform and help support your institution’s efforts, please work with your Data Protection Officer to keep them up to date on your team’s efforts and iModules software updates. This will help ensure that your institution maintains GDPR compliance.
For additional questions on the new ‘GDPR_Status’ field, or for assistance with importing your contacts, please contact your iModules Account Manager. Please remember that GDPR questions specific to your institution should be addressed directly to your internal Data Protection Officer and/or legal team.