
GDPR Compliance Tips for Associations

Erin Reeve | March 23, 2018

The GDPR, a new law that will change how we store and use data, becomes enforceable on May 25, 2018 for any organization that serves, communicates with and/or stores information on any EU resident(s). Organizations that fail to comply could be fined up to $20 million. In this article, we will provide six tips to help you comply.


What is the GDPR?

GDPR stands for Europe’s General Data Protection Regulation. The purpose of the GDPR is to protect EU citizens’ data privacy by unifying data privacy laws and changing the way organizations approach data on EU citizens.


1. Identify Data Subjects

The first thing you need to know is what personal data you have on people. Personal data refers to any data that can be used to identify an individual and can include an individual’s name, phone number, email address, etc. Be sure to organize this information properly in your ClearVantage Association Management Software.

2. Ensure Data Security

This involves reviewing (and perhaps redefining) the data security measures that you currently have in place to ensure that no one can misplace, hack or leak any stored data. Be sure to record the safety measures that you have in place.

3. Define a Clear Fair Processing Policy

This notice should include all the data that you are tracking and why. As a part of this process, you’ll want to get rid of any unnecessary data (i.e., if your association can’t explain why you have it, get rid of it). Key components of this policy should focus on the data collector, the purpose of the data, how it will be shared and any potential effects.

4. Create a Process for Sharing Individual Information

The new law requires that organizations provide individuals with the information they hold on them for free, within a month of their request. Streamline requests by putting in place a process for how you will share this information with them. Next, be sure to have a process for deleting information on individuals upon request.

5. Create Opt-In and Opt-Out Options

The new law requires people to consent to their data being used for marketing purposes. To abide by this, your association should create a way for individuals to opt in, perhaps in a newsletter subscription form on your website or in an email. Either can take the form of a double opt-in or a layered opt-in form. Be sure to use the required language. Lastly, you’ll want to make it easy for users to unsubscribe and opt out, as well.

6. Spread Company-Wide Awareness

Send an informative email overview to your internal team about GDPR and the policies and processes that your organization will adopt to maintain compliance. Go above and beyond by providing internal training and appointing someone as a Data Protection Officer (DPO) - someone who will serve as your internal team’s point of contact for all things GDPR (and who will be responsible for enforcing GDPR policies).


Closing

It is important to note that the tips above are intended to be informative - not legal advice. Please refer to your attorney for legal advice regarding the GDPR.

The Euclid Team will be sending out periodic newsletters to members, notifying them of need-to-know information about GDPR as it relates to ClearVantage Association Management Software and Euclid. If you did not receive our initial email earlier this month and want to subscribe, please contact us and we will subscribe you!

