Getting your organisation’s data cleaned up in time for GDPR enforcement

It’s not long until GDPR is in full motion, so getting your data in line is an essential measure for keeping on top of compliance. Making sure any data you acquire is organised and in-line with regulations is key. Unorganised data puts you at risk of wasting your charity’s money, gaining negative publicity, or even breaking the law.

Cleaning data habitually also makes life much easier when moving across to a new CRM system or performing a large-scale audit. With data consolidated, you can migrate information easily or adjust it accordingly with little complication.


Apply a unique ID to each record:

Applying individual ID’s helps you manage data effectively, especially when you need to track changes. This is commonly known as a unique reference number (URN). A good example would be the ‘record ID’ if you’re familiar with

A URN is similar to a URL in that it is only relevant to a specific page or data set, however a URN is easier to find; the individual only has to know the name of a resource to find it. This is beneficial if data needs to be accessed and tracked by more than one person in your organisation.

It’s important this URN remains the same once set so that you can follow the data from its initial creation date and easily find and edit it if necessary.


Capture, standardise and audit your data:

Outline which data you need from the start. This ways you can select what needs to be mandatory and what can be additional for donors or clients to input. This means you can be certain, for example, when you go to reach out to a donor that you have their name and email address to personalise their email.

Keeping standards the same across the board also keeps things cleaner – i.e. Road or Rd, Limited or Ltd. This improves data cleaning accuracy and minimises processing time. Having all entries as uniform as possible avoids the prospect of missing out on data simply because it was incorrectly recorded.

Performing data audits is also made much simpler (as you should frequently be doing). Carrying out audits prior to any large scale campaign is a great way to ensure compliance with GDPR by checking you have authorisation to contact everyone in a certain address book.


Keep data secure:

This is an absolute requirement, particularly as a many charities work with highly sensitive data.

If you use a supplier, they should provide you with a non-disclosure agreement (NDA) and a secure method of transferring your data to keep it as secure as possible.

It’s also good practice to make sure your data is encrypted on some level. This means stored data can be transmitted securely across networks.

Encryption comes in two forms:

  • Symmetric-key encryption: Using a single key, it’s fast and secure though less effective across networks.
  • Public-key encryption: Using a pair of keys, this offers greater security but can be slower and more resource intensive.

These can be combined for higher level security with less compromise on speed.

For many organisations the challenge is protecting and preventing loss of data even when employees use external devices, removable media, and web apps. In these cases, auto-encryption on your site and processor is therefore very important.


Want to read more?

For more charity specific-insight, Camelia Vasilcan (Database Manager at Children with Cancer) has put together some top tips, devised from experience in data cleaning.