A Quick Guide to Compliance: Handling Membership Data Correctly

Janine Chasmer
Janine Chasmer

As our recent whitepaper shows, the benefits of storing all your membership data in one place are irrefutable. From speedier response times to greater customer and collaborator insight, you have much to gain and little to lose from this management strategy.

Nevertheless, a strong data culture is about so much more than access to the right tools. You’ll also need to provide quality staff training, to ensure that your employees feel confident in the new technology you adopt. It’s important that they know exactly what to do with the data they have access to, without withering away from your systems, afraid of breaching data policy. What’s more, in many cases, you’ll have to think about restricting access to sensitive information, as not everyone should be privy to it all.

In this blog, we share our top tips and tricks for solid data management, helping you to put your compliance woes far behind you, as you continue along the path to success.

Restricting data access

Whilst being able to access member data across different departments – or regions that you operate in – has its advantages, when using a centralised database, it’s also important to assign correct user access privileges to each member of your team. This ensures that only relevant people can access personal or sensitive data, without needing to share it with everyone in the company. You might also wish to limit access to ‘view only’, rather than permitting amendments, particularly as there are strict regulations that govern the modification of personal data.

Promoting data responsibility

All the data you process must be stored, updated and deleted in accordance with the level of consent granted by each member. It’s therefore imperative to train your staff on using your CRM systems appropriately, to prevent any unauthorised access or modification. As an added bonus, correct training also ensures that your chosen data solution will stick, rather than becoming yet another failed tool among a collection of technology trialled and discarded.

Data compliance

In the UK, you have to ensure that you comply with GDPR (the General Data Protection Regulation), which entered into effect in May, 2018. Enforced by the Information Commissioner’s Office (ICO), it serves to protect the privacy and personal data of EU and UK citizens alike – and applies to all businesses, charities and organisations that handle their data.

Under the GDPR, personal data is defined as any information that can be used to identify a living individual, be it directly or indirectly. Examples include name, address, email address and phone number, amongst many others. Organisations must demonstrate that they have a legal basis for collecting this data, in addition to clearly informing the individuals concerned of how their data will be used. Similarly, you must be able to demonstrate that any data transfers you make are justified.

Organisations are also required to implement appropriate measures to keep all the personal data they handle safe and secure. For instance, you might consider encryption, access controls and regular data backups.

In addition to these requirements, GDPR also gives individuals a number of rights, including the right to access the personal data you have stored on them, and the right to request that it be corrected or deleted at any time.

Finally, training is a crucial part of GDPR compliance. All staff who handle personal data must be trained on GDPR and your organisation’s individual data-protection policies. This includes training on how to identify and report data breaches and how to respond to data subject access requests.

Preventing a data breach

In addition to restricting data access, there are several other steps you can take to prevent a data breach. For instance, you might want to consider two- or three-factor authentication, whilst also investing in appropriate cybersecurity measures to protect your system.

How Equantiis can help

90% of data breaches are caused by staff, which is why investing in adequate training is essential. At Equantiis, we specialise in designing and imparting such training, bringing your entire workforce up to speed with current laws.

We also understand that the right CRM and company technology is only the tip of the iceberg. That’s why – in addition to connecting you with the best possible CRM and digital solutions – we take a comprehensive, in-depth look at your company, helping you to identify potential threats before responding with unbeatable cybersecurity solutions. We often find that cloud-first strategies work best, but our tailored offer will differ depending on your organisation’s unique needs.

We’ll also help you to draft and implement new operational policies, based on the observations we make on your employees, which will be presented to you in a handy, easy-to-digest report. If we notice any issues along the way, we’ll come up with a quick solution to remedy the situation, ensuring that your organisation remains secure. With Equantiis, you don’t just get technology. You get dedicated technology partners, committed to ensuring our solutions work for you.

To find out more or to arrange an initial call, please contact a member of our team today.

Share this article

More about the author

Janine Chasmer
Janine Chasmer - Principal Consultant

Janine’s career includes 10 years in the not-for-profit sector, specifically within membership, and she leverages her industry expertise and first-hand experience with a wider range of clients, including Membership and Charity, where she provides consultancy on a range of areas including Business Strategy, Customer Experience improvement and process optimisation. In recent years, Janine has applied these consulting skills to the Education sector, supporting HE and FE institutions to improve their applicant and student experience at key phases such as application, enrolment, Clearing and progression. Other projects include Digital and Data Strategy, process and automation, and Student Journey optimisation. She has also worked as a SRM Functional Consultant, using this unique insight of both sector knowledge, and enabling technology to achieve transformational outcomes. Janine is also a regular event speaker and creates and shares industry and sector insights with her network.