There has been a flurry of articles written and forum topics posted over the past few months about the impending European Union’s (EU) General Data Privacy Regulation (GDPR) that takes effect May 25, 2018. All this information has left many association staff dizzy, asking the question “what should associations be doing right now to ensure we’re compliant?”
First, this regulation only impacts organizations located in the EU or organizations that collect data from members in the EU. If neither of these situations applies to you, great, you’re off the hook! However, for many associations, that is not the case. The list below will help those affected focus their efforts.
Beyond the technology aspects, proper data security requires administrative processes too.
Here are some tips to help your association prepare for compliance:
- Designate a GDPR expert at your association to make sure your staff and volunteers understand the fundamentals of GDPR and know who to talk to at the organization when they have questions. They can learn more at the official GDPR website.
- Identify all the data you store and know where you store it. You’ll need to ensure any software you’re using to store member data complies with GDPR. Responsible vendors have already taken steps to become compliant, and you should check with each software provider you use, including your AMS, email, event, survey, and merchant gateway applications.
- Users have the right, under GDPR, to request a full data report from you. This includes a full record of the data being stored about them, how that data is being used/processed, who that data is being shared with, and the physical location of the data. They also have the right, upon request, to have their data deleted completely from all your systems and servers. If you’re a GrowthZone customer, we’ve got you covered! We have put a process in place for you to be able to gather/delete the information you need for your intended user.
GrowthZone is releasing the following updates to assist our customers with GDPR compliance:
- Expressed Consent for New Members
You will need to gain one-time expressed consent from current members; for new members, however, you can simply enable this required step as part of your standard membership application.
- Unsubscribe & Communications Flexibility
Greater flexibility to easily add standardized disclaimer/privacy text to the bottom of all emails, including single emails. This allows you to actively communicate your GDPR compliance to your contacts.
- Security Improvements
Access to a host of optional security features that can be enabled a la carte to enhance the security of, and restrictions on, your members’ authentication.
- Privacy Shield
GrowthZone software products will be certified via the Privacy Shield framework. This means that your members’ data will be housed outside of the EU but still in compliance with GDPR.
Now that you know where to start, know that there’s plenty of help available to associations like you. We are here to help today, and beyond.