
General Data Protection Regulations: What Your Nonprofit Needs to Know

Lauren Karch
May 29, 2018
Photo credit: Convert GDPR.

May 25, 2018; Brookings Institution

As of Friday, May 25th, the EU’s General Data Protection Regulations are in effect—and, if you’ve opened your email inbox within the last month, you know that many companies are updating their privacy policies to be compliant.

GDPR is a new set of regulations that require organizations to protect the personal data of EU citizens if that data is provided during an interaction within an EU member state. The regulation is the same across all 28 states.

GDPR replaces an older data protection law from 1995, and the biggest change to the law is the concept of extraterritoriality: it applies to all organizations that process personal data of European residents, whether or not they are physically located in Europe. The other changes are kept purposefully loose—while they require a “reasonable” set of protections for personal data, the definition of reasonableness isn’t provided, and may be left to European regulatory agencies.


What Changes Does GDPR Create?

GDPR is intended to create protections for personal data, including identity information, web data (including location and IP address), health and biometric data, racial or ethnic data, political opinions, and sexual orientation. Key changes will include:

  • Data processors will be required to notify customers “without undue delay” after becoming aware of a data breach.
  • Customers will have a right to confirm whether their data is being processed, where, and for what purpose, and will be able to request a copy of their personal data free of charge.
  • The “right to be forgotten,” previously established through court hearings, is now written into the regulations. Customers may request that data controllers erase their personal data at any time. The rules do allow controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests, opening questions into whether individuals can erase their names from, for example, crime records.
  • GDPR introduces the idea of data portability, the right for a customer to share their data between controllers in a commonly used format.
  • A “privacy by design” imperative calls for building data protection into collection systems from the outset of their design, basically allowing for fines of companies that ignore data protection until a new system is complete.

Does Your Nonprofit Need to Comply?

Companies with over 250 employees are required to comply if they deal in the data of Europeans; the employee limit is lower for data processors who store data that is “likely to result in a risk to the rights and freedoms of data subjects.” Nonprofits collecting international donations could be affected, but small local nonprofits aren’t likely to be. As Ona Alston Dosunmu and Christie Yang wrote for the Brookings Institution last week, “nonprofits probably weren’t top of mind for European regulators.” The regulations are primarily aimed at data-heavy industries like finance and healthcare, and most EU countries don’t yet have enforcement for GDPR in place.

However, GDPR violations can result in heavy fines, and nobody wants to be the first test case. In addition, some of the GDPR regulations make good sense: notifying customers immediately post-breach is good business, and the capability to confirm to customers how their data is processed increases public trust.

Does your organization need to comply with the new EU regulations? If you operate primarily in the United States, probably not. But should you? If you’re into best practices for data collection, it’s not a bad idea.—Lauren Karch

About the author
Lauren Karch

Lauren has worked on outreach campaigns for a variety of non-profit and governmental organizations. She currently serves on the board of the Association of Ohio Recyclers, a conservancy nonprofit.
