GDPR FAQ and Resources for Nonprofits with EU-Based Supporters

What is the GDPR?

On May 25, 2018, the General Data Protection Regulation (GDPR) officially takes effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.

GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website:

Does this new regulation affect my nonprofit?

The GDPR applies to EU-based organizations, and also to any company or organization who has customers or contacts in the EU. If your organization works or interacts with supporters or other individuals located within the EU, you’ve probably already begun considering how to be in compliance with the new regulations. 

Read on to learn more about how your organization can stay compliant with the GDPR using Flipcause. Please note: If your organization does not work with EU members, you do not take any additional action.

Data Processors and Data Controllers - what’s the difference?

Your organization is classified as a Data Controller, meaning that your organization determines the purposes and means of the processing of personal data that you collect from your supporters. If your organization works with individuals or has supporters in the EU, you can utilize the Flipcause features listed below to stay compliant with GDPR regulations. 

As your fundraising and supporter engagement platform, Flipcause is classified as a Data Processor, meaning that we process data on behalf of Controllers (our nonprofit clients).  To ensure our compliance with the GDPR as Data Processors, we’ve made some updates to our Privacy Policy and Terms & Conditions, effective May 25, 2018.

Please note: Flipcause offers these tools and information as a resource, but we don’t offer legal advice. We recommend you contact your legal counsel to find out how the GDPR affects your organization specifically.

Security & privacy resources for Flipcause clients with supporters and contacts in the EU:

2 Factor Authentication & Subadmin Permissions

Enhance your access controls and account security by setting up 2-factor authentication for all of your Flipcause accounts and subadmins. We recommend setting up 2-Factor Authentication regardless of GDPR status! Learn how here.

Data Portability and Deletion of Data

Flipcause will remove personal data information from any and all records upon request. You can request access to or deletion of data on behalf of your supporters by emailing 

Flipcause Forms: Mailing List Opt-In 

If your organization processes data from supporters in the EU through Flipcause, we recommend setting the default option on your campaign forms’ mailing lists to “Opt-in” rather than “Opt-out”. To make this change, go to Campaign Settings > Mailing List Opt-In. and select "Opt-In".

Flipcause Forms: Custom Messages

By using the “Review Page Message” feature in Campaign Settings, you can add a custom message with compliance language on the review page of any integrated and hosted campaign form (such as a link to your organization’s privacy policy or indication of how you will use the data collected).

Receipt Message Customization

You can add a custom message to your transaction and mailing list sign up email receipts that that indicates how you will use data collected from supporters. 

Consent Management

Whenever you collect data from a supporter, make sure to clearly state, among other things, why you need it, what you plan to use the data for, whether it may be shared and with whom, and the lawful basis on which you are relying to collect such data.  All data collected through Flipcause forms is legally obtained within GDPR compliance, as all supporters and donors consent to Flipcause Privacy Policy and Terms & Conditions when completing Flipcause Forms. For data that you manually import or enter through our “Add a Payment” feature, we recommend you add a note or a custom field to keep track of the source by which the data was obtained and what legal basis was used to obtain the data, and also reason for why you’re storing the data. 

Block Transactions from Countries of Your Choice

For security or compliance reasons, if you would like to block transactions from any country (including countries in the EU), you may do so in Security Settings.

For WebPack Clients with Supporters in the EU:

Our website host partner, Weebly, is fully compliant with the GDPR effective May 25, 2018. Read more about their new policies here, and read below for details on what they are doing to ensure compliance:

New Cookie Banner

Weebly will automatically display a cookie notification banner on published sites when visited from a European IP address. Until the site visitor consents to the use of cookies through this banner, cookie-setting functionality will not work on the published site -- including any new cookies that installed App Center apps.

If you have installed App Center apps it may be impacted by this change. Cookie functionality will be restored on the next page load after the user’s cookie consent is obtained.

The cookie banner will also contain a link to, which provides site users in the EU with information about cookies, and the steps they can take to protect their privacy on the internet. The cookie banner also allows site owners to add their privacy policy to the banner so that their visitors can use that as a reference for how their data is processed.

 New Cookie Opt-Out Element

Allows a user to create a cookie opt out on a page. The element includes a button and a paragraph with disclaimer text above a button labeled “Opt Out of Cookies”. On published sites, if a user has accepted cookies via our new cookie banner, they can use the new Opt-Out Element to opt-out any time. Once they have opted out, the message in the element button will change, and the new cookie banner will once again be placed over the page, prompting them to accept.

Updates to Weebly’s Form and Newsletter Elements

Because many site owners choose to collect Site User information with Weebly Forms, they are adding an opt-in feature to these forms. Site owners will now have the ability to enable an opt-in checkbox with compliance language, and to make this opt-in required for submission. 

Privacy Policy for your Weebly Website 

You will be directed through Weebly to add a privacy policy to your site. If you already have one, you should review the terms to make sure it complies with the expanded requirements under GDPR. If you don’t have one, Weebly has created a Privacy Policy Generator that you can utilize as part of your process to become GDPR compliant.

 Review Third-Party Services

Additionally, we suggest that they evaluate any third-party apps and vendors for compliance. If they are using any third-party services to gather or process customer data, they will need to check with those companies to verify they are GDPR compliant and will assist them with, among other things, users’ data removal and portability requests.


Please note that the information provided above is for general informational purposes only and does not constitute legal advice; it has not been prepared with your specific circumstances in mind and therefore may not be suitable for use in your business. By relying on the information contained in this message, you assume all risk and liability that may result.