GDPR Compliance and Key Considerations

This article explains that, to the best of our knowledge, Double the Donation is compliant with GDPR standards.


The General Data Protection Regulation (GDPR) is a European Union regulation that sets strict rules for how organizations collect, store, and process personal data. If your nonprofit engages with donors, volunteers, or contacts in the EU, GDPR likely applies.

Double the Donation is committed to supporting nonprofits in complying with GDPR.

Key GDPR Requirements

Organizations subject to GDPR must follow these principles when handling personal data:

Table: GDPR Core Principles
This table summarizes the most important GDPR rules nonprofits should consider.

Principle: What It Means
Lawfulness, fairness & transparency: Donors must know how their data is collected and used
Purpose limitation: Data can only be used for the reason it was collected
Data minimization: Collect only the data you need
Accuracy: Keep donor data up to date
Storage limitation: Do not keep data longer than necessary
Integrity & confidentiality: Protect data with appropriate security measures
Accountability: Be able to demonstrate GDPR compliance

Double the Donation and GDPR

Here’s how Double the Donation supports nonprofits working under GDPR:

  • Data Processing Agreements (DPAs): Available for clients who require them.

  • Data Security: Donor data is encrypted in transit and at rest.

  • Access Controls: Only authorized personnel can access donor data.

  • Data Requests: We support clients in responding to donor requests such as data access or deletion.

If your organization requires a signed DPA, please contact support@doublethedonation.com.

Practical Steps for Nonprofits

To align with GDPR, nonprofits should:

  1. Update privacy policies to clearly explain how donor data is used.

  2. Collect explicit consent for communications where required.

  3. Ensure data retention policies are documented and enforced.

  4. Use secure systems for storing and processing donor data.

  5. Establish a process for handling data subject requests (access, correction, deletion).

FAQs

Q: Does GDPR apply to nonprofits outside the EU?
A: Yes, if you process data of individuals in the EU.

Q: Does Double the Donation sell donor data?
A: No. Donor data is never sold or shared with third parties.

Q: What should I do if a donor requests deletion of their data?
A: Your nonprofit is responsible for handling donor requests. Double the Donation can support your organization in fulfilling them.

Q: Can I get a Data Processing Agreement (DPA) from Double the Donation?
A: Yes. Contact support@doublethedonation.com for details.

In short: GDPR sets strict rules for donor data protection. Double the Donation supports nonprofits with secure data practices and provides DPAs when needed, but nonprofits are responsible for ensuring full compliance.