Over a year ago, the European Union approved and adopted the new General Data Protection Regulation (GDPR). The GDPR is both a legal framework for the protection and security of personal data in the European Union (EU) and a set of regulations that will apply across Europe as of May 25, 2018.
The GDPR is the biggest change in data protection laws in Europe since the 1995 introduction of the EU Data Protection Directive. Many of the GDPR’s main concepts and principles are the same as those in the current Data Protection Act, but there are new elements and updates that significantly deviate from prior legislation. These include a broader definition of “personal data,” new requirements for data breach notifications, and the right to be forgotten. For more detail on key differences, please see our GDPR FAQ.
One of NationBuilder’s core tenets has always been that our customers own and can efficiently manage their own data. With that comes a responsibility to help our customers ensure that they are protecting and securing their data, which includes complying with regulations in their home countries. We already have and use robust compliance, data protection and security practices – and are fully committed to ensuring that both our software and services are fully compliant with the GDPR.
There are, of course, still some ambiguities in the law and uncertainties as to how certain provisions will be enforced. With the help of a European legal firm, we are working to parse all of these requirements and make sure that any necessary changes are made by May 25th.
Overall, the GDPR raises the bar for data protection and security, and attempts to set the international standard for greater protection of citizens’ personal data – and more transparency regarding how their data is going to be used. We will continue to update our GDPR FAQ and are, of course, available to help you navigate these new regulations.