If you receive payments from a donor or client based in the European Union (EU), then a new law taking effect on May 25, 2018, the General Data Protection Regulation (GDPR), will require your compliance. The regulation centers on accountability for the personal data of individuals, and it applies to any organization, wherever it is located, that processes the personal data of individuals in the EU. To comply, your company must put practices and safeguards in place to understand what personal information may be embedded in your transactions or captured by your systems. Knowing the data lifecycle of transactions across your network is key; non-compliance can result in fines of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher.
Complying with the GDPR
If you have transactions with European donors or clients, it is imperative that you study the GDPR and put in place some key controls over your data handling, such as the following:
- Create a Data Classification Policy and know what personal data you hold, where it is stored, and who has access to it
- Understand the rights that clients and donors have over their personal information, including the rights to access it, correct it, have it erased, and receive a copy of it in a portable format
- Set up security breach reporting procedures; under the GDPR, a personal data breach must be reported to the relevant supervisory authority within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the individuals affected
- Understand how third parties who process transactions for you (payment processors, donor management platforms, and similar vendors) may (or may not) be complying with GDPR requirements; the GDPR requires a written contract that sets out the processor's obligations for the data you entrust to it
- Train your staff on their GDPR obligations and the associated security risks
If you’d like to know more about this topic, please contact us.
© Clark Nuber PS and Developing News, 2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Developing News with appropriate and specific direction to the original content.