If you’re in the association space, it’s hard to go a week without hearing the term “GDPR” thrown around. That’s because the date it starts to apply is quickly approaching: May 25, 2018.
We don’t want to add more stress to your plate, but if this is a regulation your association has been grappling with, allow us to help. Here’s what you need to know about the European Union’s General Data Protection Regulation:
What is GDPR?
GDPR, which again stands for General Data Protection Regulation, is a new privacy law from the European Union that strengthens the protection of personal data for individuals in the EU. Up until this point, data protection has been governed by a 1995 directive that each EU member state implemented with its own set of rules. GDPR replaces that patchwork with a single regulation that applies directly in every member state.
What exactly does GDPR regulate? What are the protections?
Under the new regulation, individuals in the EU (the “data subjects”) have, among other rights, the right to…
- Access their personal data - Data subjects have the right to know whether personal data concerning them is being processed, where, and for what purpose, and to obtain a copy of that data.
- Be forgotten - Data subjects have the right to have their personal data erased and its further dissemination stopped, and the organization holding the data must take reasonable steps to tell any third parties it has shared the data with that erasure has been requested. (The right is not absolute: data can be kept where there is a legal obligation or another overriding legal basis to retain it.)
- Rectify incomplete or inaccurate data - Data subjects have the right to have inaccurate data corrected and incomplete data completed, including by providing a supplementary statement.
- Be notified of a breach - When a breach is likely to result in a high risk to individuals, data subjects have the right to be notified without undue delay. Separately, the organization that decides how the data is used (the “controller”) must report the breach to the relevant supervisory authority within 72 hours of becoming aware of it, and any vendor processing data on its behalf (the “processor”) must tell the controller without undue delay.
But my organization isn’t located in the EU. Should I still be concerned?
Even if your organization isn’t located in the EU, the regulation still applies if you process the personal data (contact information, photos, social media information, etc.) of individuals in the EU in connection with offering them goods or services, including free ones such as membership, events, or newsletters, or with monitoring their behavior, for example through website tracking. That means if your association has members, event attendees, or subscribers located in an EU member state, your organization must comply.
What are the penalties of GDPR?
Organizations in breach of GDPR can be fined up to 4 percent of total worldwide annual turnover for the preceding financial year or €20 million, whichever is greater.
What should my organization be doing now to prepare?
- Organize your data, if possible - Too often, associations have data spread out in a variety of systems, which makes it easy to overlook what data you actually have. Start by inventorying where personal data lives, why you collect it, and who it is shared with (GDPR requires many organizations to keep written records of this), and, if possible, consolidate some of that information. (An association management system may be worth looking into.)
- Make sure your staff members and volunteers are up to speed on GDPR - Just so everyone’s on the same page, make sure everyone who’s involved in data management (in some way, shape, or form) understands the EU’s new regulation. (A good resource to explore is the EU’s official GDPR page.)
- Check with your third-party vendors to see how they’re preparing - If you’re currently using an association management system or a third-party vendor of any sort that handles your data, check with them to see how they’re preparing. Under GDPR, a vendor that processes personal data on your behalf must do so under a written contract that sets out its obligations, so ask whether they have a data processing agreement ready for you to sign. (If you’re a MemberClicks customer, here’s a GDPR FAQ for you.)