GDPR: Who It Impacts and How

May 30, 2018, 3:38 PM

(from Nonprofit Quarterly) As of Friday, May 25, the EU’s General Data Protection Regulations are in effect. GDPR is a new set of regulations that require organizations to protect the personal data of EU citizens if that data is provided during an interaction within an EU member state. 

Companies with over 250 employees are required to comply if they deal in the data of Europeans; the employee limit is lower for data processors who store data that is “likely to result in a risk to the rights and freedoms of data subjects.” Nonprofits collecting international donations could be affected, but small local nonprofits aren’t likely to be. However, GDPR violations can result in heavy fines, and nobody wants to be the first test case. 

Key changes will include:

  • Timely notifications of a data breach
  • More customer control over their data and how it is collected, stored and processed
  • The “right to be forgotten,” i.e., the ability to request that data controllers erase a customer's personal data at any time
  • Data portability, i.e., the right for customers to share data between controllers in a commonly used format

More from Nonprofit Quarterly

For information on how the law affects independent schools, see Net Assets' web-only article "."
