Category: Policy and Operations

Are you ready for GDPR?

A whitepaper to help you get ready for GDPR and find out what it means for your data.

Whitepaper – Are you ready for GDPR – Download the paper here.

What should you be doing now?

If you haven’t started preparing your organisation for compliance then the next 3 months are crucial. If you have started getting ready for the GDPR deadline,  keep going.

Make sure your board is bought in to the importance of the project. Having the support you need from the top is vital to the GDPR compliance process.

ONCE THE GDPR COMES INTO FORCE, YOUR BUSINESS MUST:*

  1. Keep a record of data operations and activities and consider if you have the required data processing agreements in place
  2.  Carry out privacy impact assessments (PIAs) on products and systems
  3.  If applicable to your organisation, designate a data protection officer (DPO)
  4.  Review processes for the collection of personal data
  5.  Be aware of your duty to notify the relevant supervisory authority of a   data breach
  6. Implement “privacy by design” and “privacy by default” in the design   of new products and assess whether existing products meet GDPR standards

 

What are TeamKinetic doing right now

See what we have already put in place, to be ready for 25th May 2018.

https://teamkinetic.co.uk/blog/2018/02/07/teamkinetic-updates-new-eula-and-data-policy/

We continue to work with our customers to ensure compliance and understanding.

Are you ready for GDPR?

Deadline – 25th May 2018

Information sourced from UKFast, Berwin,Leighton,Paisner and Onside Law

Contents

Let’s refresh

Why has the GDPR come about?

What about Brexit?

What should you be doing now?

Data security is EVERY business’s business

Key changes to consent

Key changes to breach notifications

Are the rules different for electronic communications?

What is TeamKinetic doing right now?

Disclaimer: The information in this whitepaper is for your general guidance only and is not and shall not constitute legal advice. If you need advice on your rights or responsibilities or any legal advice around data protection matters, please obtain specific legal advice and contact an adviser or solicitor.

Let’s refresh…

What is the GDPR? The General Data Protection Regulation (GDPR) is a binding legislative act from the European Union for the protection of personal data. The Regulation tackles the inconsistent data protection laws currently existing throughout the EU’s member states and facilitates the secure, free-flow of data.

Why do you need to know about it?

As of April 2016, businesses have been preparing for the legislation coming into effect on 25th May 2018. Although we are in the process of leaving the EU, working towards GDPR compliance remains crucial.

If you fail to comply with the Regulation you could find yourself being fined up to 4% of your company’s global annual turnover and your reputation damaged beyond repair.

That is 4500% increase on current fines that can be issued by the ICO!!

Now that the deadline is just 3 months away, is your organisation ready?

Why has the GDPR come about?

There is a need in Europe and beyond for a standardised data protection framework that addresses the rapid technological advancements that have taken place in recent years, putting the personal data of the masses at risk.

Where do vulnerabilities lie?

Everywhere. All organisations are at risk of a cyber-attack, despite common misconceptions that some industries are more secure than others.

The results of a survey carried out by the Information Commissioner’s Office (ICO) of 173 councils at the end of 2016 reveals that more than 15% of councils do not have data protection training for employees processing personal data and a third do not carry out privacy impact assessments (PIAs) as required by the GDPR.

The survey’s release coincided with the news that the ICO had fined Norfolk Council £60,000 for a data breach in which social work files were discovered in a cabinet bought in a second-hand shop by a member of the public.

Capgemini: The Currency of Trust, February 2017

74% of UK SMEs had a security breach in 2016.

While leaving vulnerable information in a cabinet or on a train may seem like a problem from 1997 rather than 2017 – when cloud technology means physical files never need to leave the office – the overarching security challenge remains.

Professionals across the public and private sectors must be aware of the nature of the data they are accessing from their home networks and ensure they are doing so securely.

Computer Weekly: Many Councils Still Unprepared for GDPR, March 2017

What about Brexit?

Despite the vote to leave the EU, UK businesses must continue to work towards GDPR compliance. Not only has the UK government stated that it is good business practice to do so, but the legislation applies to all businesses working within the EU and with EU data. A failure to comply can lead to significant fines and irreparable damage to a company’s reputation.

The latest thinking is that the UK could replace the 1998 Data Protection Act (DPA) with legislation that mirrors the GDPR, enabling the UK to achieve free data flow with the EU post-Brexit. The government has warned that it may take two to three years for the European Council (EC) to decide that the UK has an adequate data protection regime.

While the impact of the Investigatory Powers Act on the UK’s GDPR compliance has yet to be fully understood, it is possible that the mass surveillance and data retention practices carried out under the Act could cause issues when the EC comes to decide whether the UK’s practices are adequate. The existence of these two extraordinarily contradictory legislations could result in a UK equivalent of the Privacy Shield agreement held between the US and the EU to facilitate secure transatlantic data flow.

If your business activities are contained within the UK or elsewhere within Europe, you will have to observe the protections afforded by the GDPR for citizens.

What happens if my business is not complaint?

The GDPR introduces a two-tier fine system that emphasises just how small a financial deterrent existed under the Data Protection Act (DPA).

As of the 2018 deadline, any data controller or processor that fails to comply with the Regulation will face the following fines:

 

Tier 1

If a data breach occurs that puts highly important data at risj, the data controller/processor will be fined upto €20M (£17.25M) or 4% of the previous year’s global annual turnover, whichever is greater.

Tier 2

Any other data breach could lead to fines of up to €10M (£8.6M) or 2% of the previous year’s global annual turnover, whichever is greater.

 

It is estimated that if breaches remain at the same level as in 2015, the fines given will raise 90 fold from €1.4 billion to €122 billion

Key changes to consent

Do you ask your customers for permission before you use their data? Do you go a step further and tell them what it will be used for? If the answer to either – or both – of these questions is no, you could be in trouble if you don’t start changing your ways before the GDPR deadline.

 

Why is consent important?

Consent enables your business to lawfully process data.

Organisations applying the GDPR’s standards are giving individuals greater control over their information and, in turn, building trusting relationships that ultimately keep customers coming back for more.

Any business found to be misusing personal data will be fined according to the highest level of the two-tier system and – most poignantly – is at serious risk of damaging its own reputation. When is consent required? You must have the data subject’s consent to lawfully process their data. However, just to confuse things, there are instances that will call for consent to be acquired via alternative methods; we’ll clarify this shortly. Consent is also needed under ePrivacy laws if you’re in the business of tracking communications and installing software and apps on devices.

If you want to use someone’s personal data they must give you explicit consent to do so. This means in practise no pre-ticked boxes, a user must always choose to tick the box.

If you want to use an individual’s personal data for multiple purposes, they must give consent for each purpose, separately

 

Who might need an alternative method of gaining consent?

Most commonly, data controllers in a position of power such as public authorities and employers who are likely to find getting valid consent challenging and so must consider the alternative options.

For example, if you are a highly successful eCommerce business is bringing on board a new supplier of garden furniture, you will need a contract with them that clarifies the role of each party and enables you to lawfully process their data.

Whether you are the data controller or processor, you must always record how consent was given, who from, when, how, and what the interested parties were told.

You must not bundle your consent request with your standard terms and conditions.

 

Does your consent process meet GDPR standards?

Carry out a thorough review of existing consent processes and asses whether they meet the Regulation’s requirements. if they do, there is no need to request consent from the subject again.

Key changes to breach notifications

Europe had a phenomenally inconsistent data protection landscape. It meant that when a Switzerland-based business suffered a data breach affecting people in Greece, Italy and Spain, the organisation would need to comply with the breach notification standards of each of the three member states.

This lack of uniformity throughout Europe means that while some member states, such as Spain and Germany, are recognised for their rigorous data breach privacy laws, there are also member states with minimal to no regulations in place.

In this environment, organisations in lax member states have not needed to notify an authority of a breach.

The GDPR smooths all this out with the introduction of a single breach notification requirement.

 

What is a personal data breach?

A personal data breach is not simply the loss of data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

When must the relevant supervisory authority be notified?

The relevant supervisory authority must be informed of any data breach that puts an individual’s rights and freedoms at risk. This includes a loss of confidentiality and financial loss.

Data controllers must inform the supervisory authority without undue delay and within 72 hours of learning of a personal data breach. They must state:

  1. Its nature
  2. The approximate number of people affected
  3. The contact information for the organisation’s DPO (if one has been appointed)

The controller must also pin-point the likely consequences of the breach and the measures taken to reduce further risk to those affected.

Data processors must tell the data controller about a data breach without undue delay after having become aware of it.

If a breach is significant enough that it is in the public interest, those responsible – be that the controller or processor – must do so without undue delay.

The impact of data breaches If we hark back to our real world TalkTalk and Yahoo examples, we can see that the severe consequences each company experienced following their respective breaches were related to how they handled the aftermath of the breach and not simply because the breach happened in the first place.

What should you be doing now?

A personal data breach is not just the loss of that data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

  • Educate your employees about    personal data breaches and how to   spot when one has occurred.
  • Set-up an internal process for reporting   a personal data breach.
  • Make sure you have the internal resources and processes in place to   detect and investigate breaches. Speak to any third-party data processers if they are storing your data.
  • Put an incident response plan in place.

Are the rules different for electronic communications?

No, not really. The EU has introduced a complementary legal framework to the GDPR to clarify exactly what data controllers and processors must be doing to protect individuals’ communications; electronic or otherwise.

  1. New cookies responsibilities   for browser providers Users must be given the choice to consent to cookies as part of the browser software set-up. This should reduce or eliminate cookie banners on websites entirely.
  2. Extra-territoriality and 4% fines The Regulation no longer applies solely to the EU. It applies to anyone in the world that provides publicly-available “electronic communications services” to acquire data from the devices of EU citizens. Any organisation that breaches the Regulation will be subject to the GDPR’s two-tier fine system. That means you should be paying attention even if your business is contained within the UK.
  3. The Regulation application is expanded Unlike its predecessor, the ePrivacy Directive, the ePrivacy Regulation goes beyond the traditional telecommunications organisations and internet service providers. It incorporates messaging apps like WhatsApp, and email providers, amongst other communications suppliers such as Facebook and Snapchat.
  4. New rules for processing communications data The Regulation introduces new rules for handling: what was said, who said it, where and when. This data is confidential; interfering with it could result in a Tier 1 fine.
  5. Exemption analytics cookies Businesses are exempt from the cookie consent requirement when using firstparty analytics. However, using third-party analytics platforms such as Google Analytics requires user consent.

For the non-techy amongst you, ‘party’ refers to the website that places the cookie. So when you visit www.ukfast.co.uk, and you find the domain of the cookie placed on your computer is www.ukfast.co.uk, this is a first-party cookie. If you visit www.ukfast. co.uk and a cookie by a suspiciously dissimilar name appears, this cookie has been placed by a third party.

Like the GDPR, the ePrivacy Regulation will come in to effect on the 25th May 2018.

Source: http://privacylawblog.fieldfisher.com/2017/the-new-e-privacy-regulation-what-you-need-to-know/

Introducing ‘Focus’, TeamKinetic’s design principle for better volunteer management

TeamKinetic is now a mature and fully featured volunteer management solution. As it has matured we have been able to more rigorously enforce a design principle for better impact across all user interfaces that we call Focus.

Focus is a collection of typography, grids, spacing, colour, layout and sizing rules that aim to achieve consistency of design, fluid layout for smaller screens and help to retain user focus on important tasks.

Volunteers, providers and administrators are presented with large amounts of information and we have been working hard to make this volume of information easy to digest in our Volunteer management application so the individual user focus is on the most pertinent information.

The biggest layout difference you will see is the support for a two-pane design with navigation elements in the left pane and the action area in the right pane. This layout also encourages the collection of tasks into one area, either functionally similar tasks or tasks commonly undertaken at the same time.

ocus-two column or two pane layout

A two pane layout with a navigation bar on the left and the action panes on the right

Colours are restricted to a limited palette so that actionable areas like buttons, menus and links, are obvious and easy to find.

Font sizes are consistent and changes in font size are restricted to key text and headings.

Animation are used to indicated areas of focus when information is updated or the user enters a new area.

Panels are elevated when active using an animated shadow effect

Message and information areas are distinguished by a thick left border, the colour is contextual and can refer to the category, message type or other information.

Thick left borders indicated messages or important content areas

Where possible we want to avoid page refresh as this slows the users experience and can break their focus on the task at hand.  Volunteers, Providers and Admin users all want to be able to undertake tasks with the need for a screen refresh.  Extended use of AJAX , a method of performing user interactions immediately without reloading a new page, enables us to keep the user focused on their task without the interruption of a page refresh and the subsequent visual scan of the page to locate the last point of focus.

AJAX methods are employed extensively across the admin area, especially when editing opportunities or volunteer profiles.

Grids and spacing automatically adjust to screen size and allow navigation areas to collapse to icon only links and wide content to collapse into vertical stacks keeping readability high.

Collapsible elements retain readability and usability for small screens

We just wanted to let you know what’s behind some of the design decisions in the brand new TeamKinetic v1 release and our design intent going forward.

Please add any comments you have below, thanks, The Team.

TeamKinetic: New EULA and Data Policy

On Friday 26th January 2018 our new EULA and Data Policy was enacted.

Since 2016, organisations have been preparing for the reformation of data protection in the form of GDPR (General Data Protection Regulation). For many organisations operating within the third sector, a certain apprehension has loomed, driven by concerns for their volunteer database.

TeamKinetic, as providers of volunteer management software, wanted to offer reassurance to our beloved customers and those interested that we are aligned with the new legislation in preparation for the 25th May 2018 deadline.

The Changes

As the biggest change to data legalisation since the Data Protection Act, GDPR is poised to revolutionise how individuals can manage organisations using their data. TeamKinetic have undertaken an extensive review of all our policies and procedures with the imminent launch of GDPR and have made some changes to some of our most important agreements.

Below is a concise summary of the major changes made. However, we strongly recommend you read the more detailed policies accessed in our Terms & Conditions which includes full details [click here]

If you have any concerns after reading this, please get in touch with me at chris@teamkinetic.co.uk.

Things that have not changed – TeamKinetic will still never sell your data to a third party.

We are still registered as a data controller with the Information Commissioners Office (ZSA036104)

Privacy by design, Privacy by default

We have always taken user privacy seriously at TeamKinetic, carefully balancing that with the desire by our users to access the opportunities they are most interested in seamless fashion.

The new policy is much more detailed. Significant changes include:

  • As a company, we have explored in much greater detail the role of data usage across our business. Our policy introduction, legislation, and scope reflect this. We felt it was important to establish what parts of the business this document will directly address.
  • A much greater level of detail on what user data is collected is now required by GDPR. We have tried to make it clear what data we are collecting and in what context we will be using that data.
  • Since our last policy review, we have added iPhone and Android applications which make use of additional phone features. As part of our GDPR policy review, we have added a stand-alone “Mobile” section. This section addresses the specific differences between mobile and traditional desktop usage.
  • Data sharing is essential for the operation of the TeamKinetic. We want our users to feel confident and safe with the data they share with us. Our new Data Protection and Privacy Policy identifies what data is shared with whom in much greater detail.
  • TeamKinetic collects a range of data including personal data. Some of this is of a more sensitive nature. We also collect a range of metadata which we use to improve the performance of the software. Our new Policy identifies the types of data that are collected and how we use, share and store that data.
  • Tracking and analytics systems such as Google and Nielsen are fundamental to the operation of the internet. These systems track user and site behaviour online and require TeamKinetic to provide a range of anonymous data. The new policy explains our approach to these systems.
  • Social media plays a significant role in TeamKinetic. As such, we have identified the role of social media specifically in the use of data on these platforms.
  • We explicitly define that all TeamKinetic data is stored in the UK.
  • As part of our policy review, we have established Information Governance best practice guidelines. These now form part of all company employee training and induction.
  • Finally, we have added sections to our policy that deals with “Subject Access Rights” and “Compelled”

These policy changes have been reflected in our whole business and our updated End User Licence Agreement.

Kind Regards,

Chris

If you have concerns about the new EULA and Data Policy or wish to discuss what it might mean for you and your application, do not hesitate to get in touch.


You can find TeamKinetic on social media and listen to our podcast:

Twitter       Facebook       LinkedIn       YouTube       Instagram       Podcast

 

Have you enjoyed using TeamKinetic? If you could leave us a review on Capterra, we’d really appreciate it! We’ll even send you a little thank you.

Why TeamKinetic has gone mobile

As TeamKinetic makes it iOS application available to its customers and existing volunteers, we discuss the evidence that has driven this change and our hopes of making volunteering even more accessible.

The march of technology is relentless, and the pressure on organisations in sport and the 3rd sector to offer multi-channel and multi-platform solutions to better engage with their stakeholders continues to grow as they compete for attention against a sea of other content. These trends mean that making TeamKinetic available on mobile was essential.

mobile usage by country – Comscore

The data shows that the time spent on mobile has surpassed that spent on other web-enabled devices, and this trend is consistent in developed and developing economies. It is not a case of “if mobile is important?”, but to acknowledge its predominance in the decision-making process for future development.

Dominance of multi-platform applications

The evidence is clear; consumers now expect a multi-platform product that allows them to switch between the different versions of the platform, undertaking some tasks on their desktop and others on their phone or tablet. With other data suggesting these browsing choices are time of day dependent.

on-line device usage by time of day

When looking at how to engage with your audience, in our case volunteers. We have to accept these trends and offer a product that can cater to the desires and expectations of the user.

Using the mobile platform, both in its native application format and via the mobile browser, not only have we been able to increase the potential reach and time available to browse, we can also access additional functionality.

The use of GPS and geo-location services, open-auth protocols to make signing in and staying signed in easier and using the camera or address book are all examples of technologies that work particularly well on a phone to improve customer experience. Our founding belief at TeamKinetic is to always keep the volunteer and their experience central to our design philosophy, so the decision to create the app was easy to make.

This is our first step of many as a truly multi-platform company, no doubt we have plenty to learn if we want to recreate our desktop experience on a much smaller device, but working with our customers, that’s our ambition. The rewards for success for our customers, the Sports Clubs, charities and communities are potential too great to ignore.

We must constantly challenge ourselves to look at our organisations and consider how well we provide services and how accessible they are. We must push to deliver to stakeholders the experience they have come to expect.

TeamKinetic products will provide that level of service at a fraction of the cost of in-house development.  Please get in touch to see a demo of our system and how it might improve your stakeholder engagement, build your community and change your world.

Volunteering Internships

As always we look to bring you the best practice from across the Voluntary sector. This article from the NCVO gives some fantastic guidance on Volunteering Internships for Volunteer managers.

As more organisations have realised the value of offering young people the opportunity to gain experience, whilst benefiting from their willingness to work hard and learn, it is becoming even more important that organisations do not take advantage of this willingness.  The NCVO offer some common sense advice that ensures the Volunteer is valued and that they gain as much from the experience as the organisation does.

If you have examples of how your organisation has benefited from a Volunteer internship or lessons you may have learnt from using Volunteers as interns please feel free to share at info@smarterindesign.com.

See the full article and many more like it at

http://knowhownonprofit.org/people/volunteers-and-your-organisation/volunteering-internships#guidance

NCVO have worked with a range of organisations to review the current situation and produce guidance on volunteer internships to help charities ensure they fully understand any legal obligations they may have and to ensure expectations about the role between both parties are clear.

Internships have been the focus of much debate recently, with some arguing that they are either a form of job substitution or a way of exploiting cheap labour, and others that they are vital to both charities and those who want to work for them.

Much of the confusion comes from the fact that the term ‘intern’ has no basis in UK law. There is no legal definition of an ‘internship’. So people undertaking a role described as an ‘internship will still in legal terms be defined as either a worker or a volunteer.

Some charities describe some volunteer roles as internships as they have found it valuable to offer volunteering opportunities with a stronger skill-development focus and because describing a position as an ‘internship’ has been found to attract more volunteers.

NCVO have worked with a range of organisations to review the current situation and produce guidance on volunteer internships to help charities ensure they fully understand any legal obligations they may have and to ensure expectations about the role between both parties are clear.

The guidance also identifies key principles to follow to help ensure volunteer internships are managed in line with good practice, give a good quality experience and ensure volunteer interns are treated fairly and within the law.

Key principles

  1. Be clear what the role is and its purpose before recruiting
  2. Ensure that a volunteer internship is a genuine volunteering opportunity
  3. Make sure volunteering opportunities are genuinely inclusive and accessible
  4. Support volunteer interns in accordance with good practice standards in volunteer management
  5. Ensure that volunteer intern positions do not undermine fair recruitment procedures
  6. Provide opportunities for evaluation and regular feedback
  7. Recognise the contribution of volunteer interns

More information on each principle and how to implement them is discussed in the guidance.

http://knowhownonprofit.org/people/volunteers-and-your-organisation/ncvoguidancevolunteerinternshipsvoluntarysector.pdf


You can find TeamKinetic on social media and listen to our podcast:

Twitter       Facebook       LinkedIn       YouTube       Instagram       Podcast

 

Have you enjoyed using TeamKinetic? If you could leave us a review on Capterra, we’d really appreciate it! We’ll even send you a little thank you.

The public sector needs to realise the voluntary sector does not mean free

The original article can be found at

http://www.theguardian.com/voluntary-sector-network/2015/feb/08/public-sector-realise-voluntary-sector-not-mean-free?CMP=share_btn_tw

NHS hospital sign

Volunteers are helping to support hospitals during this time of increased demand. Photograph: Andrew Matthews/PA

Last month the NHS crisis made headlines and it wasn’t a last-minute surprise to some of us in the charity sector. In December I received an email from the local clinical commissioning group, asking for urgent assistance to find volunteers to support the local hospital.

Among other things, they were looking for help to relieve pressure on the hospital being caused by increased demand for services and problems with the delayed discharging of patients. Volunteers were needed not just for “home from hospital” services and transport, but also for directly supporting nursing staff on the hospital’s wards.

Everyone knows that it’s a tough time for the voluntary and community sector. To be honest, it’s a pretty tough time for most people. By running a third-sector infrastructure support organisation, I see the issues every day and many smaller agencies are struggling to keep their show on the road. Although a great deal of important work is delivered across the public sector by volunteers, there are also many paid, highly-skilled specialists in the sector who provide the highest quality services, often in very specialised organisations. Even when volunteers are used to provide support there is still a cost for the organisations they work with.

Volunteers must be properly supported with supervision, management and training, not to mention other overheads such as insurance and safeguarding checks. All the things that go to make up a professional quality service that our communities deserve.

There continues to be a lack of understanding among those in government and service commissioning around the real cost of things when the voluntary sector comes to the rescue when things are difficult. It feels like some see it as a bit of a cut-price Black Friday approach to propping things up.

Four years of reduced funding have had a huge impact on everyone, but our sector has been hit particularly hard. Matters have been made worse by commissioners designing public service contracts in such a way which often prevent smaller, specialist organisations from being able to tender at all. There is now a very real danger that these same organisations that bring so much social value to the wider community may disappear altogether. Depressingly, it is often these same commissioners that are now requesting additional support from our sector to help stem the current NHS crisis.

Of course, the voluntary sector is always there to support the community – that’s the reason why we are so passionate about it and why we are working in it in the first place. But, it is long overdue for the sector to be taken more seriously. Rather than being seen as a merely supplementary amateur resource, there needs to be a recognition of the expert professionalism that exists, the level of activity that is delivered and a realistic understanding of how much it can cost to do what we do.

 

Safer Internet Day and Volunteer Kinetic

TeamKinetic are proud to be part of Safer Internet Day. Safer Internet Day takes place in February of each year to promote safer and more responsible use of online technology.

With just under a 1/3 of people aged 11 – 16 saying they have experienced cruel behaviour online we wanted to take this opportunity to offer this advice when using TeamKinetic.

Safer Internet Day

1.  Never meet anyone you speak to on the internet on your own, without being very sure they are who they say they are.  If you are unsure contact the administrator and they can check for you.

2.  Don’t share extra personal information. All the information the Opportunity provider needs is provided by the system.

3.  If you feel threatened or unsafe at any time using the Volunteer site, attending an opportunity or about any feedback left about your time Volunteering, contact the administrator immediately, it is confidential and they will listen to your concerns.

4.  Always make sure someone knows where you have gone to Volunteer.

If you follow these simple rules we think you should be safe and have a great Volunteer experience, but if you don’t, please tell and we can see what we can do.

Share your support with #Up2Us or #SID2015 this Safer Internet Day.


You can find TeamKinetic on social media and listen to our podcast:

Twitter       Facebook       LinkedIn       YouTube       Instagram       Podcast

 

Have you enjoyed using TeamKinetic? If you could leave us a review on Capterra, we’d really appreciate it! We’ll even send you a little thank you.

A review of the EC directive for SMS marketing and use in TeamKinetic

Know the rules
Know the rules

SMS marketing is considered an electronic form of communication. That means its use is governed by the Privacy and Electronic Communications (EC Directive) Regulations. It may sound scary, but it really isn’t that hard to understand. However, I thought it worthwhile to go over the basics of the EC Directive to help you better understand what you can and can’t do with your SMS marketing.

In the warnings issued by the ICO, several key paragraphs from the EC Directive are quoted. They basically say that no one can send unsolicited messages to any individual without prior consent. It then goes on to state three criteria used to determine what consent means (from Regulation 22):

“A person may send or instigate the sending of electronic mail for the purposes of direct marketing where –

(a) that person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient;

(b) the direct marketing is in respect of that person’s similar products and services only; and

(c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and where he did not initially refuse the use of details, at the time of each subsequent communication.”

That is honestly a mouthful of words, but very important ones. Here’s a simple interpretation you can take when dealing with your Volunteers.

As long as you ask for consent when signing a Volunteer up to the TeamKinetic system, which you do as part of the terms and conditions. you can send that Volunteer text messages that are related to the service the volunteer undertakes.  For example, other voluntary opportunities and non-voluntary information that is similar to the Volunteering the person has undertaken. This could be a training course that is suitably matched to the volunteer’s area of voluntary experience, or other services as long as they are related to the Volunteering.

You can not send SMS messages about unrelated services or products. For example, the opportunity to buy a holiday or book cinema tickets unless that was specifically related to the voluntary opportunity the volunteer signed up to.

Part c is important, as you must make it simple for the Volunteer to opt out of any future communications if they wish.

Following these rules will keep you inside the law and hopefully will keep your Volunteers happy.  If you have any stories of good/bad practice examples of how to use SMS messaging to increase Volunteer retention and recruitment please feel free to send them to us.


You can find TeamKinetic on social media and listen to our podcast:

Twitter       Facebook       LinkedIn       YouTube       Instagram       Podcast

 

Have you enjoyed using TeamKinetic? If you could leave us a review on Capterra, we’d really appreciate it! We’ll even send you a little thank you.

Volunteer Health and Safety for beginners

Health and Safety, those dreaded words. The reason to stop, an excuse not to do something. I’m sure anyone who reads this blog gets that same sinking feeling when someone uses health and safety as an excuse to make sure something does not take place. I hope to share some of the useful Volunteer Health and Safety information that has been shared with us at TeamKinetic.

Volunteer Health and Safety

I must make it very clear from the very start;  I am not a health and safety expert and any advice I offer is either from other sources who I will aim to credit or my own experience. I also want to open this debate to other Volunteer Managers or those who have real Volunteer Health and Safety experience. Please share your knowledge and best practise with our audience. No advice will be ignored and all will be welcome.

Anyone who wishes to correct any mistakes or offer further clarification can always e-mail me at info@teamkinetic.co.uk and just put Volunteer Health and Safety in the subject field and I will happily add to this post.

Volunteering by its very nature involves people undertaking roles and responsibilities that often lack clear description, they are not employed and as we have found, people have the most amazing ability to do the craziest things! All this means you can take nothing for granted.

So what have we learnt whilst operating TeamKinetic?

From the point of view of a technology provider who talks on a very regular basis with those that work at the coal face with volunteers and opportunity providers day to day,  its never dull!

We must first establish some key distinctions so it is clear who is responsible or has a duty of care during the volunteer process (I will try and keep to a minimum the Health and Safety terminology).  I must also state that although this advice might be applicable to most volunteer situations it is written based on the volunteers being deployed via a VolunteerKinetic powered opportunity.

From the point of view of a volunteer manager who is brokering opportunities that are often provided by others, we think there are some important issues to consider.

Volunteers and opportunity providers must take all reasonable responsibility for their own health and safety.

This should be made clear in any code of conduct you create.

Although you are acting as a broker of opportunities, the responsibility (duty of care) for ensuring safety at a venue, location or during an activity is that of the opportunity provider.  They should have a risk assessment for the activity, public liability insurance to protect volunteers and the people they may come into contact with through the role, and policies and procedures in place that they make you aware of; such as fire evacuation procedures.  These basic responsibilities should not just extend to volunteers but all potential people who may be affected by the normal operation of the organisation and opportunity.

This does not fully exclude the broker from any responsibility, and in our opinion, best practice on behalf of the programme administrator is to provide opportunity providers with guidelines. These should offer a set of operating standards an opportunity provider should meet.

University of Manchester Athletic Union have kindly offered to share their Health and Safety Checklist and Public Liability letter. You can use or adapt these to your personal needs. We also suggest a provider code of conduct. This covers the more soft policies around effective volunteer management, and may include some of the following points:

  • Ensure someone is available to welcome volunteers, to offer a basic site induction and to be a point of contact whilst the volunteer is on site.
  • Make sure volunteers are aware of “comfort facilities” such as staff rooms, toilets and areas to get food or drink.
  • Try to speak to a volunteer before they leave, ask for feedback on their experience, and offer a thank you where appropriate for their help.

This is just a couple of ideas, that will hopefully ensure your volunteers stay safe and happy whilst working with your providers.

The End User Licence Agreement (EULA) that all volunteers agree to when they volunteer as part of a TeamKinetic system makes the following clear.

Do not arrange to meet strangers in strange places alone.  Ensure you check out who they are and you are happy to attend an opportunity.  If you are not sure contact the Administrator.

volunteer group hands together

As people are notoriously bad at reading Terms and Conditions we suggest to volunteer managers to make this point clear to all volunteers, that to arrange to meet a stranger through the internet, even through this service, carries some risk and volunteers should do everything they can to ensure they know where and who they are meeting.

Similar advice should be given regarding what information people offer to share via the internet.  VolunteerKinetic is designed to help manage volunteer-to-provider connections.  Connections made outside the system can be dangerous and as a manager, impossible to track.  So we suggest that volunteers and providers use only the system to communicate.

If a volunteer or provider act in a way that is inappropriate or dangerous, do you as an administrator have a policy and procedures in place to manage complaints, respond to allegations and deal with incidents?

From an organisation’s perspective, the volunteers are considered the same as any other person. Do you have up-to-date policies and procedures, including Safeguarding and Health and Safety and do you have a way to ensure volunteers follow these procedures whilst they are under your management?

Many of these situations are extremely rare and a little forward planning and support from the system administrator can make it easy to share good practice amongst providers. Ensuring that the providers and volunteers follow the advice can be more difficult, but having open channels of communication means that problems are easily reported and dealt with.  Encouraging feedback from all participants we think offers a great way to keep on top of potential issues.

Source Material

volunteer 2

Volunteer Health and Safety is fraught with potential difficulty and is somewhat open to interpretation. It is with this in mind that I would like to share the following links that I have found useful whilst writing this article. If I can leave you with any advice it’s that good procedures around setting up new opportunity providers and volunteers will ensure many issues can be identified early.  Secondly, talking to your providers and volunteers regularly, using the feedback tools available through VolunteerKinetic will offer additional insight and help identify potential issues before they become serious.

http://www.hse.gov.uk/voluntary/further-advice.htm

http://www.hse.gov.uk/voluntary/when-it-applies.htm

http://www.hse.gov.uk/voluntary/manage-low-risk.htm

http://www.hse.gov.uk/contact/faqs/charities.htm

http://www.volunteering.org.uk/component/gpb/whatpaperworkdoineed&qh=YToyOntpOjA7czo2OiJoZWFsdGgiO2k6MTtzOjY6InNhZmV0eSI7fQ==

http://www.volunteering.org.uk/component/gpb/handbooksorpolicies&qh=YToyOntpOjA7czo2OiJoZWFsdGgiO2k6MTtzOjY6InNhZmV0eSI7fQ==

 http://www.volunteering.org.uk/component/gpb/riskassessment&qh=YToyOntpOjA7czo2OiJoZWFsdGgiO2k6MTtzOjY6InNhZmV0eSI7fQ==

Page 2 of 2

Powered by WordPress & Theme by Anders Norén