Skip to main content

Frequently Asked Questions about the General Data Protection Regulation (GDPR)

Disclaimer

The information offered on this page is not legal advice. NationBuilder is providing general information about GDPR and about the steps we have taken in preparation for GDPR. Even if some of this information is about regulatory requirements, it is not the same as legal advice, where an attorney applies the law to your specific facts and circumstances. Please be sure to consult with an attorney about specific compliance requirements for you and your organisation.

What is GDPR?

In April 2016, the European Commission (EC) approved and adopted the General Data Protection Regulation (GDPR), which replaces the 1995 EU Data Protection Directive and standardizes data protection law across the EU countries. The GDPR went into effect on May 25, 2018.

 

Who does GDPR apply to?

GDPR applies to all organizations processing the “personal data” of EU residents, regardless of whether the organization is operating in the EU. GDPR defines “personal data” as “any information relating to an identified or identifiable natural person.” This definition includes a wide range of personal identifiers, such as name, identification number, location information, and online identifiers. “Personal data” as defined by GDPR is notably much broader than the terms used in other data protection regulations, such as “sensitive information” or “personally identifiable information.”

 

When did GDPR become applicable?

May 25, 2018.

 

What if my business is not in the EU but I do business with EU companies?

You may still have to comply with the GDPR. The Regulation applies to non-EU organisations that offer goods or services to, or monitor the behaviour of, EU data subjects.

 

Can personal data continue to be processed outside of the EU?

Yes. The GDPR places restrictions on the transfer of personal data to countries outside of the European Economic Area, but such transfers are still possible if they follow the requirements of the GDPR. NationBuilder complies with those requirements by maintaining its certification under the US-EU Privacy Shield

 

My organisation is based in the UK. With Brexit happening, does GDPR still apply to my organisation?

The UK’s decision to leave the EU did not affect the implementation of the GDPR. After the UK exits the EU, UK organisations processing the personal data of residents of other EU countries will have to continue to comply with GDPR. If a UK organisation’s activities are limited to processing the personal data of UK residents, its compliance requirements will be determined by the regulatory scheme put in place by the UK government after the UK exits the EU. It is expected that such legislation will largely follow the GDPR.

 

Where can I find more guidance about the GDPR and its requirements? 

Thorough guidance that can help guide you through the Regulation’s requirements is available from the UK’s Information Commissioner’s Office and the French Data Authority, la CNIL.

 

What did NationBuilder do in preparation for GDPR?

One of NationBuilder’s core tenets has always been that our customers own and manage their own data. With that comes a responsibility to provide tools that help our customers ensure that their data is protected and secure, which includes complying with applicable regulations. To that end, we have always prioritized robust compliance, data protection, and security practices. 

Read about the changes we made in anticipation of the GDPR here.

 

What are NationBuilder’s Advanced Privacy tools?

The Advanced Privacy suite of tools was designed with GDPR compliance in mind and provides NationBuilder customers additional data privacy tools. Using the Advanced Privacy tools, customers can:

  • Gather and manage consent for data processing.
  • Gather consent for certain analytics cookies. 
  • Respond to individuals seeking to exercise their rights to data erasure, data access, and data portability. 
  • Switch NationBuilder match on and off and manage match data.

 

What can you tell me about consent?

The GDPR provides that a lawful basis must exist for the processing of personal data. Consent from the individual whose data is being processed is one possible lawful basis. You can learn more about the principles of consent (and other lawful bases) by reviewing the guidance from the UK’s Information Commissioner’s Office. You can also check out our webinar regarding consent under the GDPR, where we provide an overview of the concepts of consent and information about NationBuilder’s consent tools.

 

If I have additional questions regarding the GDPR who can I contact?

Please email our team at privacy@nationbuilder and we will get back to you as soon as possible.

 

Last updated on 29th July 2019