General Data Protection Regulation Compliance - (GDPR)
Is your Association or NGO ready for the EU's General Data Protection Regulation?
From the GDPR site:
"Organizations that collect data on citizens in European Union (EU) countries will need to comply with the major law update to data protection which comes into force on May 25, 2018. The new rules apply across the EU including the UK – regardless of your company's location – both data controllers and data processors (meaning 'clouds') will not be exempt from GDPR enforcement.
Purpose: The new regulation gives individuals more rights over their data and demands greater accountability and transparency from organisations on how they collect, process and store private information. Under GDPR, all companies, including charities, have to explain clearly why they are collecting personal data, how it will be used, and if it will be made available to third parties. This is why all organizations must have a comprehensive and effective privacy compliance framework to develop hard evidence to support their compliance claims.
Penalties: Under the GDPR, your organization (as a maximum fine that can be imposed for the most serious cases) could face a fine of up to €20 million, or 4% of annual global turnover, whichever is greater."
Contact your attorney if you feel you need legal advice. And educate your staff to be sure they are acting in compliance. More links are available on our helpfile on GDPR for associations.