EU Data Protection Law to Impact Charitable Donations

Do you have customers in Europe? Are you a charity that receives donations from EU citizens? Do you send your newsletter to people in Europe? If any of these apply to you, you should be aware of changes to European privacy laws that will come into effect on May 18, 2018. That is the effective date of the new European Union General Data Protection Regulation (GDPR), which significantly broadens the geographic scope of European privacy laws to include individuals and businesses outside of the EU.

Any person who uses, collects, or stores personal data of EU citizens will be required to comply with the GDPR. The GDPR defines “personal data” as information about a natural person that can be used directly or indirectly to identify the person. This includes a name, photograph, e-mail address, bank details, or even an IP address. It makes no difference if the business is located outside of Europe and has no physical presence in Europe – if it handles the personal data of EU citizens it will be subject to the GDPR. For instance, an online store that collects personal data to fulfill orders for European customers will need to comply with the GDPR.

The GDPR increases the rights and protections EU citizens have to their personal data. Companies may no longer obtain consent to use personal data by hiding it in long blocks of legalese. Consent must now be intelligible and easily accessible. The GDPR also requires those using or storing personal data to implement adequate security measures to prevent unauthorized use or disclosure. To transfer the data to the United States, companies must comply with strict requirements to ensure the security of the data. Once EU citizens provide their personal data, they have several rights in and to the data, such as the right to revoke consent for its use, the right to access the data, and the right to delete the data. Those subject to the GDPR are also subject to data breach notification requirements and a variety of other requirements.

The GDPR makes sweeping changes to how U.S. companies interact with EU citizens. Penalties for not complying with the GDPR can be steep – up to 4% of a company’s annual worldwide revenue. Those who do business with EU citizens should begin planning now to comply with the GDPR when it comes into effect on May 18, 2018. If you have questions about the GDPR or whether it applies to your organization or business, we invite you to contact our office.

This article is provided for general information and is not intended to be legal advice for any specific situation. If you are in need of specific advice or legal representation, please do not hesitate to contact us.

©2018 Bea & VandenBerk