I recently returned from a wonderful two-week vacation in Portugal. It was lovely — contact me if you’re planning a trip, I have some great recommendations … but I digress.

One of the best things about vacation was that I really got to unplug and hardly thought about work or world events. I rarely thought about digital anything (unless it was the GPS navigation in our rental car or checking World Cup results — I highly recommend being in Europe during the next Cup; I don’t even like soccer, but it was impossible not to get swept up in the World Cup magic there).

I did go online occasionally to check email, attempt to check in for flights, or try to figure out what was happening in a cave in Thailand. And, as usual, a work connection popped up: GDPR. We’ve been talking a lot lately about the European Union’s General Data Protection Regulation regarding data protection and privacy. American companies needed to be compliant by the end of June if they do business in Europe. Several major companies (Facebook being the loudest) did big PR campaigns around their adoptions to prove that they care — really care — about our privacy. (Feel free to insert air quotes around any part of that statement …) Other companies were struggling to understand just what the heck GDPR was.

At the moment, very few nonprofits are required to comply with GDPR (only those with significant international presence or who take donations in Euros). But the future is coming and it is GDPR. Make no mistake, once American companies start adopting GDPR practices in the U.S., your donors will expect the same treatment from you that they get from Facebook and Amazon. So it’s a good time to see what the future looks like (and it’s mostly cookies). 

Baseball Goes International

I assumed I was the one bringing bad luck to my Washington Nationals, but a quick peek at the standards shows their performance was just as lackluster when I wasn’t actively cheering them on. But first, MLB.com gave me the opportunity to learn more about all the ways they track my behavior on their site (aka cookies).

I had to answer YES or NO to each of the cookie options (with NO being the default answer). Thankfully, it didn’t take long, since it would have been annoying to go through a long process only to learn that the Nats were still 5 ½ games behind the Mets. Like Major League Baseball, companies are being much more up front about their use of cookies.

Tips to Weather the Transition

Take a tip from Weather.com and augment the legalese in your cookie disclaimers to communicate in clear language why people should click YES. Weather.com makes a case that by accepting cookies I’d get the “most accurate forecasts and severe weather offerings.” Think through your value proposition for donors — what’s in it for them to let you recognize that they’re a returning visitor? — and communicate it!

Second, make sure your disclaimers can be easily viewed on a mobile device. The screenshot at right was viewed on my Android phone, the viewing and response functions were just as easy on that as on the tablet I had with me.

How to Get Started with GDPR Compliance


Don’t worry if you’re not 100% GDPR compliant today, but don’t ignore this coming sea change in how we interact with our website visitors, advocates and donors. Now is the time to take a deep breath, meet with a wide range of stakeholders in your organization and plan how to implement worthwhile changes over time. While this post only looks at how to educate visitors about cookies, GDPR also has implications for best practices in building your list. You can start learning more by:

  • Viewing Charity Dynamics’ handy-dandy GDPR Tipsheet for a better understanding of what’s required right now.
  • Being aware of Blackbaud’s new email usage policy, if you use their platforms to collect email addresses or send emails. Some of the new restrictions on how organizations can collect email addresses will require changes to donation form strategies.

Need help thinking through how to reimagine your privacy policies, user experience and list growth strategies in this new era? Contact us – we’d love to help!

Introducing Our GDPR Readiness Audit!