General Data Protection Regulations: What Your Nonprofit Needs to Know

Lauren Karch
May 29, 2018
Photo credit: Convert GDPR.

May 25, 2018; Brookings Institution

As of Friday, May 25th, the EU’s General Data Protection Regulations are in effect—and, if you’ve opened your email inbox within the last month, you know that many companies are updating their privacy policies to be compliant.

GDPR is a new set of regulations that require organizations to protect the personal data of EU citizens if that data is provided during an interaction within an EU member state. The regulation is the same across all 28 states.

GDPR replaces an older data protection law from 1995, and the biggest change to the law is the concept of extraterritoriality: it applies to all organizations that process personal data of European residents, whether or not they are physically located in Europe. The other changes are kept purposefully loose—while they require a “reasonable” set of protections for personal data, the definition of reasonableness isn’t provided, and may be left to European regulatory agencies.

What Changes Does GDPR Create?

GDPR is intended to create protections for personal data, including identity information, web data (including location and IP address), health and biometric data, racial or ethnic data, political opinions, and sexual orientation. Key changes will include:

  • Data processors will be required to notify customers “without undue delay” after becoming aware of a data breach.
  • Customers will have a right to confirm whether their data is being processed, where, and for what purpose, and will be able to request a copy of their personal data free of charge.
  • The “right to be forgotten,” previously established through court hearings, is now written into the regulations. Customers may request that data controllers erase their personal data at any time. The rules do allow controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests, opening questions into whether individuals can erase their names from, for example, crime records.
  • GDPR introduces the idea of data portability, the right for a customer to share their data between controllers in a commonly used format.
  • A “privacy by design” imperative calls for the inclusion of data protection from the onset of designing collection systems, in effect allowing fines for companies that ignore data protection until a new system is complete.

Does Your Nonprofit Need to Comply?

Companies with over 250 employees are required to comply if they deal in the data of Europeans; the employee limit is lower for data processors who store data that is “likely to result in a risk to the rights and freedoms of data subjects.” Nonprofits collecting international donations could be affected, but small local nonprofits aren’t likely to be. As Ona Alston Dosunmu and Christie Yang wrote for the Brookings Institution last week, “nonprofits probably weren’t top of mind for European regulators.” The regulations are primarily aimed at data-heavy industries like finance and healthcare, and most EU countries don’t yet have enforcement for GDPR in place.

However, GDPR violations can result in heavy fines, and nobody wants to be the first test case. In addition, some of the GDPR regulations make good sense: notifying customers immediately post-breach is good business, and the capability to confirm to customers how their data is being processed increases public trust.

Does your organization need to comply with the new EU regulations? If you operate primarily in the United States, probably not. But should you? If you’re into best practices for data collection, it’s not a bad idea.—Lauren Karch

ABOUT THE AUTHOR
Lauren Karch

Lauren has worked on outreach campaigns for a variety of non-profit and governmental organizations. She currently serves on the board of the Association of Ohio Recyclers, a conservancy nonprofit.
