Announcing a new GDPR extension

2017-10-06 00:34
Written by
parvez - member of the CiviCRM community - view blog guidelines

Our new extension aims to enable charities/organisations to manage their supporters in a GDPR compliant manner. GDPR in itself does not introduce many new directives however it does make organisation appointed officials directly responsible for any breach in directive and therefore has a degree of responsibility which had been missing from previous iterations.

It’s important to understand that simply implementing an opt in process and assuming all contacts are opted out overnight is probably not what is best for your organisation, there are many factors to consider before determining that a formal opt in is required. For example a membership organisation is well within its rights to assume that member communications are assumed opt in unless the member explicitly opts out. Its also a fair assumption where contacts have been imported from third party fundraising systems, where they can represent your charity and they have stated they are happy to be contacted by the charity they are fundraising for. The overall aim of this extension is to help organisations navigate the journey to GDPR compliance without compromising their presence with and income from their existing supporters.

More details about GDPR and CiviCRM can be found at

The first version of this extension does the following;

  • Allow you to record the data protection officer for your organisation

  • A new tab 'GDPR' in contact summary will display group subscription log for the contact

  • Custom search 'Search Group Subscription by Date Range' which can be access from GDPR Dashboard

  • Access list of contacts who have not had any activity for a set period of days from GDPR Dashboard

Future releases will include

  • User friendly communication preferences, moving to explicitly worded opt in mechanisms.

  • A forget me process - where a supporter has asked to be erased from the organisations CRM. We will introduce a button which will anonymise the contact without losing financial or any other history therefore keeping the performance history of the organisation in tact.

  • Communication preference to include medium per group. Currently CiviCRM supports include or exclude from a group but it does not allow for the selection of the communication medium that should be used for example happy to receive email newsletters but please don’t send me any other emails.

GDPR comes into force in the UK on May 2018, we aim to complete the feature set of this extension by Feb 2018 and if you'd like to get involved please do feel to get in touch. We'd also like to take this opportunity to thank Paul Ticher ( for coming on board with this project as a consultant and expert in the sector.


Great work!  We probably get back to you eventually. We will have to perform some gap analysis between UK and German GDPR.

The extention is not on the public extention list.