On May 25, 2018, the General Data Protection Regulation (GDPR) replaces the European Data Protection Directive. They warned us two years ago, but for most organizations this still comes as a surprise.
As abstract as it may read, you need to start changing the way you keep and organize your members and donors’ data before it is too late, because the GDPR regulators will punish those companies and nonprofits that haven’t followed the rules.
Noncompliance with the new EU data law can be punished with a fine of up to 4 percent of an organization’s annual worldwide revenue, so you should check whether your nonprofit’s operations fall under the scope of the new law.
1) Any organization that keeps personal data about people needs to make the change from the old European Data Protection Directive to the new regulation. By personal data we mean personal IP addresses, which keep track of users’ online activity.
The only case in which the regulation doesn’t apply is for those organizations that only keep data and relevant information about other organizations. But information about organizations often implies personal information: we all interact with people, so most of us who work in organizations will have to rush to adapt to the GDPR.
2) This new regulation will apply to all nonprofits that are established in Europe or that process the data of Europeans. Even if your nonprofit is outside Europe, if you keep personal data of Europeans you have to adapt to it as well.
3) From 25 May on, your users will need to state explicitly that they agree to give your nonprofit their data; ambiguous omissions cannot be taken as explicit consent.
4) Everyone in your organization’s database will have the right to ask your organization for the information you hold about them.
How does my organization actually carry out the GDPR?
These four points basically mean two things. The first is that your organization should add this kind of form to its website. Secondly, as manager of your nonprofit you should mass-mail all your donors, members, grantees or program service recipients in the EU. The email in question should look like this:
Title: Relevant information about the new regulation of data protection (GDPR)
Dear Sir/Madam,
We write to you to tell you that our organization wants to keep in touch with you.
- The new data regulation requires you to give us your consent before we send you more emails about our activity.
- If you agree to keep receiving information from us, please reply to this email or fill in this form. If your organization needs inspiration, here you have an example of what this form should look like.
- According to the GDPR, which we are about to carry out, if you neither fill in the form nor reply to this email, you will stop receiving information about our organization’s activity and you will probably lose touch with us.
- If you agree to keep receiving information from us, under the new European Union GDPR legislation you will have the following rights: to access your personal data, to ask us to erase your personal data, to get a copy of your personal data, to be informed if a serious breach involving your data occurs, and to restrict where and how we use your personal data.