The EU General Data Protection Regulation (GDPR) will take effect on May 25, 2018
What is the GDPR?
Over a year ago, the European Commission (EC) approved and adopted the new General Data Protection Regulation (GDPR). The GDPR is both a legal framework for the protection and security of personal data in the European Union (EU) and a set of regulations that will apply across Europe as of May 25, 2018.
Does it apply to me?
The GDPR applies to all organizations operating in the European Union (EU) and processing “personal data” of EU residents. Personal data is defined as “any information relating to an identified or identifiable natural person.” This definition is notably much broader than “sensitive information” or “personally identifiable information,” the narrower definitions of covered data sometimes seen in other privacy and data security regulations.
Getting ready for GDPR
One of NationBuilder’s core tenets has always been that our customers own and can efficiently manage their own data. With that comes a responsibility to help our customers ensure that they are protecting and securing their data, which includes complying with regulations in their home countries. We already have and use robust compliance, data protection and security practices – and are fully committed to ensuring that both our software and services are fully compliant with the GDPR.
The information offered on this page and other NationBuilder GDPR and data privacy-related pages is not legal advice for you or your company to use to comply with the GDPR or other (European) data privacy laws. NationBuilder cannot offer legal counsel.
Instead, we are providing information about the steps we have taken to become GDPR compliant ourselves and the product features and services we offer (and will offer in the future) to help our customers use our products in a GDPR compliant manner. We can also help aggregate some GDPR resources (i.e. best practices, links to other resources we have found valuable, etc.) for you to consider in your own research and on your own GDPR compliance journey. Even if some of this information is legal information, it is not the same as legal advice, where an attorney applies the law to your specific facts and circumstances. Please be sure to consult and work with an attorney to ensure you are fully compliant with all of the data privacy laws that apply to you or your company (including, if applicable, GDPR).
Our product and engineering teams are in the midst of making the necessary changes to our software and services to ensure NationBuilder is compliant by May 25, 2018 and that it is possible for our customers to use our product to be compliant. Over time, we will roll out additional product features and services to make it even easier for our customers to become and remain GDPR compliant using NationBuilder. We will be providing updates here throughout this process, so keep checking back for the latest updates.
Transferring data outside the EU
3DNA Corp. maintains a Privacy Shield certification with the U.S. Department of Commerce which ensures that our collection and processing of personal data from our customers and business partners in the European Union will be done in accordance with the EU-US Privacy Shield Framework, as described in our Privacy Shield Notice. This certification applies to 3DNA Corp., but specifically excludes RunForOffice.org.
We also offer a Data Processing Agreement which contains approved Model Clauses to EU/EEA customers upon request.
There is no obligation under the GDPR for data to be stored in the EU. The rules regarding transfer of personal data outside of the EU currently remain the same.
Many of our standard customer agreements have been revised in light of GDPR and other privacy and data security regulations. Below is our new Data Processing Agreement.