GDPR’s impact on the non-profit sector: seeking your input

No. 2, 28 Jan 2019 Issue

As non-profits are becoming increasingly data-heavy operations, basic fluency in data protection is essential. Vera Franz (Open Society Foundations), Lucy Hannah and Ben Hayes (Data Protection Support & Management) are working to understand the impact of non-profits’ GDPR compliance efforts to date, exploring awareness of and familiarity with GDPR as well as specific issues such as difficulties encountered, resources available and how non-profits have managed, or plan to manage, subject access requests from data subjects asserting rights over their personal data.

The project will also document any unintended consequences of GDPR for non-profits, looking at instances of both “over-compliance”, e.g. the introduction of overly restrictive practices, and “weaponization” of the GDPR, i.e. exploring whether and how the GDPR has been or may be used by political opponents against non-profits with the intention of hampering their activities or undermining their operations.

Drawing from the survey submissions, a best practice guide addressing issues raised by survey respondents and proposing recommendations for non-profits on how to comply with key elements of the GDPR will be published in May this year.

The survey is now available here and staff involved with their organization’s compliance efforts are warmly invited to share their experiences.

The researchers are also particularly interested in identifying instances of misuse of GDPR against non-profits and invite anyone with relevant information to send an email to


Provided by Open Society Foundations.