Guidance and Background on what DA Leaders need to know about the new European General Data Protection Regulation (GDPR)
What is GDPR?
GDPR - the General Data Protection Regulation - is a set of data protection laws in Europe. Under GDPR, consumers own their information - names, addresses, email addresses, etc. - and thus have the right to control its usage, and companies with that information - like Democrats Abroad - have an obligation to give consumers the tools to exercise that control.
Although this is a European Law, it applies to ALL OF DEMOCRATS ABROAD.
What do I need to know about GDPR?
The GDPR was approved and adopted by the EU Parliament in April 2016. It came into force on Friday May 25, 2018.
In the past, Data Privacy laws in Europe have always applied to European businesses and EU Citizens. These new laws affect ALL EU residents, not just citizens. This means that these laws apply to our European members and will affect how we deal with membership information on a global level.
What do I need to do?
If you are a leader for your country or chapter, or if you are a volunteer with access to our database, please read the following Articles. They contain crucial information on what you can and cannot do with Membership Information. Even if you are on your local Executive Committee and do not access member data yourself, you need to understand these policies.
- Do's and Don'ts Under GDPR: Some of our older practices are changing - just slightly! And some old habits, although they may die hard, must be put to rest.
- Contacting Members - DA Policy: How to contact our members without violating the GDPR guidelines.
- Best Practices for Administrators: How to follow the rules if you are a database, email, or web administrator.
- Deleting Members: This has also changed with GDPR, and it is crucial to follow the new steps. Read about it at the bottom of this page.
- Social Media: How To Facebook, Instagram, and Twitter under GDPR
Who does the GDPR affect?
Organizations located both within and outside of the EU which offer goods or services to, or monitor the behavior of, EU data subjects. It also applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
GDPR applies to anyone who lives in the EU, as well as to EU nationals. It actually expands the rights of our European-resident members with regards to their data.
We collect personal information at DA to be able to contact our members and inform them about voting and other issues.
Stop speaking legalese and please tell me what this is.
GDPR expands the existing definition of personal data and lays out new standards regarding the ownership, use, and protection of this data. In other words:
Personal data is defined as anything that can identify an individual: names, email addresses, physical addresses, phone numbers, credit card details, or a pseudonym, among other things.
Under GDPR, EU residents, regardless of their nationality, own their personal data and can therefore control how it may be used. For example, the membership information DA is given could be called Uncle Jack's pair of gloves, his hat, and his coat. Jack has left these items with us and assumes we'll take care of them, and not lend the gloves to the next-door neighbor, use the hat as a lampshade or the coat as a rug. It's our responsibility to respect and not mishandle our member data.
One of the most significant changes for individuals is the right to be forgotten. When someone asks to be deleted from the database, their request must be granted within 30 days, and all information we hold in our system about them must be deleted. We do this anyway, but the membership administrators in each country committee should be aware of this and not permit any requests to accumulate.
We must now be even more alert and conscious of how we treat our member information. We ask that all leaders take it upon themselves to keep up with any guidance and changes to membership management procedures that are being distributed by ExCom and the IT Team, and NOT to take any unilateral actions with regard to our membership information.
If you have a question about our membership information and how to deal with it, please ask the IT Team at:
Can I help?
If you are an IT security specialist or a lawyer with an IT Security/GDPR specialty and you would like to get involved, we would love to hear from you.
Send an email to firstname.lastname@example.org or to email@example.com and let us know.
I still have questions!!
And we have more answers!!! This Wiki page is not meant to be the definitive source for any and all GDPR information. We are putting together the answers to more questions that have been recently posed by our leaders and members, and we will post them as soon as we can!!! While we are doing that, below is a list of articles and websites for your perusal.
Please be aware that many sites have incorrect or misleading information about GDPR. Please check with the DA IT team and/or the DA Legal team if you have specific questions. You can also email Karen on the IT Team directly at firstname.lastname@example.org
Articles and Websites:
Julia Bryan - International Chair, Alex Montgomery - International Vice-Chair, Jeffrey Cheng - International Secretary, Tom Schmid - International Counsel, Yasmin Mang - DA Germany Counsel, Karen Frankenstein - IT Team