Are you ready for the GDPR?

GDPR compliance

Don’t assume that because your organization is US-based you have no reason to be concerned about the GDPR. You do.

The EU (European Union) is making significant changes to its data protection and privacy rules, and these changes will affect many US-based organizations. If there is any chance your organization collects, stores and/or shares the personal data of people in the EU, you need to know about the GDPR, and you may need to change how your organization handles that data by the end of May.

What is the GDPR?

The GDPR, or the General Data Protection Regulation, was adopted in 2016 and is technically already in effect, but it becomes enforceable on May 25, 2018. Organizations have only a short time left to comply or risk significant fines.

The EU is implementing these changes in response to the significant increase in the amount of personal information collected and used today. The overall aim of the GDPR is to give individuals greater control over their personal data.

It won’t be enough for an organization simply to say it is complying. It will also need to be able to demonstrate compliance with requirements in several areas, such as:

  • Data breach reporting
  • Consent to the collection and use of personal data
  • Data portability
  • Limits on how personal data is used

The regulation also says that organizations processing large amounts of personal data may need to appoint a data protection officer.

What’s considered personal data under GDPR?

The GDPR defines personal data broadly: any information relating to an identified or identifiable individual. In addition to a name, that can include information you may – and may not – consider personal, including:

  • Dates of birth
  • Banking and financial information
  • Credit card numbers
  • Email addresses
  • IP addresses
  • Medical data
  • Social media posts


How will the GDPR affect US-based associations?

You may wonder how an EU regulation will affect your US-based association, especially if you don’t believe you have any dealings outside of the US. But any US-based organization with a web presence could be affected by the GDPR and may need to make changes to its data privacy practices.

Here’s a simple example of the complexities involved. Someone in Paris researches your association and visits your web site or the web site of one of your chapters. How they came to your site can determine whether the GDPR applies to you. If you have deliberately targeted an EU audience through intentional marketing, GDPR rules could apply. However, if this person found your site incidentally, even through a Google search, they might not. One further point worth checking: monitoring the behaviour of people in the EU, for example through tracking cookies or analytics, can also bring a site into scope.

What happens if you ignore the GDPR?

This new regulation adds significant structure to the way the data of people in the EU is used, stored, accessed and shared with third parties, and it will push organizations toward greater accountability, transparency and compliance when transferring information electronically across borders. Organizations that ignore GDPR requirements could face costly repercussions for non-compliance, including significant fines.

It’s critical that US-based associations review their data privacy standards against the GDPR, even if they are certain they couldn’t possibly be affected. Organizations that already meet US data privacy standards should be well on their way to meeting these stricter requirements. A data management review is always a good exercise to perform regularly, but this one may need to be done, and any necessary adjustments made, rather quickly.
