1. Encompass Support Center
  2. Compliance
  3. GDPR (General Data Protection Regulation)

Encompass and GDPR Compliance

Print Friendly and PDF Follow

The 'GDPR_Status' Field

The field 'GDPR_Status' field can be found on the “Admin Only” tab of the Profile. This field is a marker to help you segment your constituents. There are three supported data values for the field:

  • Unknown
    • This value should be assigned when a constituent's GDPR status is unknown.
  • Applicable
    • This value should be assigned for all constituents that GDPR applies to.
    • A role will be assigned to any constituent with this value called 'Is_GDPR_Applicable'. Please see the following information for suggestions on ways to use this role.
  • Not Applicable
    • This value should be assigned to constituents that you know are GDPR does not apply to.

Since this field lives on the profile, it can be used for querying within data viewer for further reporting.

Managing 'GDPR_Status' and directory visibility through imports

New constituent records in Encompass are automatically assigned a GDPR status based on how they are added (for example, through form, API, or import). If you need to update GDPR statuses or directory visibility in bulk, you can do so using profile imports. This is especially useful for ongoing data management or to enforce specific privacy policies. For example, if your institution requires that constituents from the EU are hidden from directories by default, you can use the ‘Is_Directory_Hidden’ field in your routine imports. The ‘Is_Directory_Hidden’ field will remove constituents from any directory instance, but you can have your constituent opt back in through their profile settings if allowed by your site configuration.

It is important to work with your data team to ensure GDPR-related fields are being updated appropriately and routinely. If you need assistance or have questions on importing, please visit the Anthology Support Center or contact our Application Support Team by submitting a support ticket or sending an email.

Using the ‘Is_GDPR_Applicable’ role

GDPR compliance is something you must always be aware of. The ‘Is_GDPR_Applicable' role will help you stay in compliance with GDPR regulations if you use it appropriately. Here are some suggestions:

  • Segment your emails by creating customized content sections specific to your GDPR subset of constituents within the email.
  • Segment a piece of content on a page so that only GDPR applicable constituents can see the content. If you are messaging specifically to GDPR constituents, role base a content block on the homepage to ‘Is_GDPR_Applicable’ so only this group will see it.
  • Limit certain pages so that only GDPR constituents can view them or hide certain pages from this grouping of constituents by denying access.
  • Customize fields and categories on forms. Any field or category in a form, event, donation or membership campaign can be role based. If you have specific fields that need to only be shown to and/or required for EU constituents, set the role of that field. If you have a grouping of fields that only need to be visible to those protected by GDPR, create a category with an the fields an role base the entire category instead of each field.
  • Using the recipient list, you can target who receives certain email communications. If you work with third party vendors for alumni insurance you might segment these emails so that GDPR applicable constituents do not receive these emails.

Directory visibility for GDPR constituents

If you have GDPR-applicable constituents opted-out of the directory in an effort to be compliant with GDPR, you should ask them to opt back in. Anthology recommends that you create a new form with first name, last name, mailing address, email and directory hidden field. All these fields should live on the profile and can be added as existing fields. This will allow you to verify any contact information for the constituent and also get them to opt back in to the directories. The ‘Is_Directory_Hidden’ field can be added to your new form in combination with email categories to create a more one-stop-shop for the constituent as well as one place for you to pull reports.

Clients with a High Volume of GDPR Constituents

If a significant part of your constituent population is an EU resident and protected by GDPR and your institution would like a different way to communicate with this group, another approach would be a sealed sub-community within Encompass. To learn more about the impact and extended timeline of this option, please reach out to your Anthology Account Manager.

Don’t Forget About Your Volunteers

If you have Volunteers that work within the Encompass platform and help support your institution’s efforts, please work with your Data Protection Officer to keep them up to date on your team’s strategies. This will help ensure that your institution maintains GDPR compliance. 

For additional questions on the ‘GDPR_Status’ field, or for assistance with importing your contacts, please contact your Anthology Account Manager. Please remember that GDPR questions specific to your institution should be addressed directly to your internal Data Protection Officer or legal team.

Related articles