EU Data Protection Law to Impact Charitable Donations
Do you have customers in Europe? Are you a charity that receives donations from EU citizens? Do you send your newsletter to people in Europe? If any of these apply to you, you should be aware of changes to European privacy laws that became effective on May 18, 2018 through the European Union General Data Protection Regulation (GDPR). The GDPR significantly broadens the geographic scope of European privacy laws to include individuals and businesses outside of the EU.
Any person who uses, collects, or stores personal data of EU citizens will be required to comply with the GDPR. The GDPR defines “personal data” as information about a natural person that can be used, directly or indirectly, to identify that person. This includes a name, photograph, e-mail address, bank details, or even an IP address. It makes no difference if the business is located outside of Europe and has no physical presence in Europe – if it handles the personal data of EU citizens, it will be subject to the GDPR. For instance, an online store that collects personal data to fulfill orders for European customers will need to comply with the GDPR.
The GDPR increases the rights and protections EU citizens have over their personal data. Companies may no longer obtain consent to use personal data by hiding it in long blocks of legalese. Consent requests must now be intelligible and easily accessible. The GDPR also requires those using or storing personal data to implement adequate security measures to prevent unauthorized use or disclosure. To transfer the data to the United States, companies must comply with strict requirements to ensure the security of the data. Once EU citizens provide their personal data, they have several rights in and to the data, such as the right to revoke consent for its use, the right to access the data, and the right to have the data deleted. Those subject to the GDPR are also subject to data breach notification requirements and a variety of other obligations.
The GDPR makes sweeping changes to how U.S. companies interact with EU citizens. Penalties for not complying with the GDPR can be steep – up to 4% of a company’s annual worldwide revenue. Those who currently do business, or plan to do business, with EU citizens should take immediate action to come into compliance with the GDPR. If you have questions about the GDPR or whether it applies to your organization or business, we invite you to contact our office.
This article is provided for general information and is not intended to be legal advice for any specific situation. If you are in need of specific advice or legal representation, please do not hesitate to contact us.
©2018 Bea & VandenBerk