The GDPR is legislation passed within the EU that focuses on protecting the personal data of EU citizens. The legislation is unique in that it sets forth regulations for any business that controls or processes EU citizen data, regardless of that company’s location. It grants individuals greater control over their personal information, giving them a say in how their data is handled, including what information can be used, whether it can be transferred to third parties, and when it should be erased.
YourMembership, now a member of Community Brands, has been working on ensuring clients and customers within our portfolio of products meet GDPR compliance in day-to-day business use of your association management, learning management, and career center software systems.
Below you’ll find more information on what you need to know, the general impacts of GDPR, and what your trusted team at YourMembership and Community Brands is doing in response.
If you’re interested in learning more, the full legislation and additional regulation details can be found at EUGDPR.org.
If your website collects email addresses and/or any other personal information on any EU citizen, then this applies to you. Not only do all businesses working within the EU Member States fall under the authority of the regulation, but so does any business, EU-based or not, that processes the personal data of or offers goods and services to EU citizens. If your company has employees, members or customers who are EU citizens, you are required to meet GDPR compliance standards. GDPR is replacing the EU Data Protection Regulation of 1995. Arguably the greatest difference between the two is that the GDPR places more control in the hands of the consumer and more responsibility for security and privacy compliance on the part of the Data Processor.
The Data Processor, as the name suggests, is the entity that processes an individual’s personal data. Processing can be anything from collection and storage, to transfer and manipulation of data. Another important entity referenced in the GDPR is the Controller, who “owns” the data and has rights regarding how that data can be processed. Both entities are responsible to the data subject, the person whose information is being touched.
May 25th, 2018.
For compliance infractions, the GDPR “Supervisory Authority” is empowered to fine businesses “€20 Million or up to 4% of total worldwide annual turnover in the preceding financial year”, whichever is greater.
Compliance isn’t simple. It requires effort to ensure you’re taking the right security and privacy measures in both your application configuration and internal business processes. We don’t claim to be compliance experts – we recognized we didn’t have all the answers and hired specialists to make sure we were making the right changes, and we strongly recommend you do the same. At the very minimum, find an attorney with experience in GDPR compliance and ensure your Privacy Policies and Member Agreements follow the regulation.