Guidance and Background on what DA Leaders need to know about the new European General Data Protection Regulation (GDPR)
What is the GDPR?
The GDPR - General Data Protection Regulation - is a new set of laws that deal with data protection in Europe. It is meant to create legal standards that will apply to all the EU countries. The GDPR contains changes for the public as well as businesses and organizations that handle personal information, like Democrats Abroad. In a nutshell, "it ensures that consumers own their private information and thus have the right to control its usage and that internet companies have an obligation to give consumers the tools to exercise that control."*
What do I need to know about GDPR?
In the past, Data Privacy laws in Europe have always applied to European businesses and EU Citizens. These new laws affect ALL EU residents, not just citizens. This means that these laws apply to our European members and will affect how we deal with membership information in Europe.
ACK! What do I need to do?
In your official capacity as a DA volunteer/officer/member, you do not have to do anything – yet.
The IT Team, with the approval and assistance of the International Executive Committee, will be implementing some changes to NationBuilder access. We WILL need your help to get this done. Please read and respond in a timely manner to any email that you get from the IT Team. No changes will be made overnight, but they will be implemented before May 25, 2018.
When is the GDPR coming into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016. It will be in force May 25, 2018.
Who does the GDPR affect?
The GDPR affects organizations located both within and outside of the EU which offer goods or services to, or monitor the behavior of, EU data subjects. It also applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. GDPR expands the rights of our European-resident members with regard to their data.
I still have no idea what GDPR really is. What is it? Why do we care?
We collect personal information at DA to be able to contact our members and inform them about voting and other issues. GDPR expands the existing definition of personal data and lays out new standards regarding the use and protection of this data. In addition to this, GDPR specifies that EU residents own their personal data and can therefore control how it may be used.
Personal data will be defined as anything that can identify an individual. This means a name, an email, an address, a phone number, credit card details, or a pseudonym, among other things.
One of the most significant changes for individuals is the right to be forgotten. When someone asks to be deleted from the database, their request must be granted within 30 days, and all information we hold in our system about them must be deleted. We do this anyway, but the membership administrators in each country committee should be aware of this and not permit any requests to accumulate.
We must now be even more alert and conscious of how we treat our member information. As we finalize our compliance plans, we will keep you informed of the next steps. We ask that all leaders take it upon themselves to keep up with any guidance and changes to membership management procedures that may be distributed from International leaders, and NOT to take any unilateral actions with regard to our membership information. Membership data should never be exported in any form into another database or a local/personal address book. If you have a question about our membership information and how to deal with it, please ask the IT Team at:
I STILL HAVE QUESTIONS?!?
And we have more answers!!! This Wiki page is not meant to be the definitive source for any and all GDPR information. We are putting together the answers to more questions that have been recently posed by our leaders and members, and we will post them as soon as we can!!! While we are doing that, below is a list of articles and websites for your perusal.
Please be aware that many sites have incorrect or misleading information about GDPR. Please check with the DA IT team and/or the DA Legal team if you have specific questions. You can also email Karen on the IT Team directly at firstname.lastname@example.org