...

What do I need to know about GDPR?

The GDPR was approved and adopted by the EU Parliament in April 2016. It came into force on Friday May 25, 2018.

In the past, Data Privacy laws in Europe have always applied to European businesses and EU Citizens.  These new laws affect ALL EU residents, not just citizens.  This means that these laws apply to our European members and will affect how we deal with membership information in Europe.

The GDPR was approved and adopted by the EU Parliament in April 2016. It came into force on Friday May 25, 2018.

...

on a global level.

What do I need to do? 

If you have any access - Membership Lists, Database, Emailing, CallHub - to our membership data, please take a look at ouryou are a leader for your country or chapter, or if you are a volunteer with access to our database, please read the following Articles.  They contain crucial information on what you can and cannot do with Membership Information. Even if you are on your local Executive Committee and do not access member data yourself, you need to understand these policies.

1. Do's and Dont's Under GDPR

...

1. :  Some of our older practices are changing - just slightly! And some old habits, although they may die hard, must be put to rest.  

...

We sent an email about Best Practices to all Admins on Tuesday May 22.  An in depth version of this guide is available on the Wiki at Best Practices for Administrators.

Also, deleting Members requires a couple of extra steps on our end now.  Please read about that here.

Is there a game plan?  Can I help?

...

2. Contacting Members - DA Policy: How to contact our members without violating the GDPR guidelines.
3. Best Practices for Administrators: How to follow the rules if you are a database, email, or web administrator.
4. Deleting Members: This has also changed with GDPR, and it is crucial to follow the new steps.  Read about it at the bottom of this page.
5. Social Media: How To Facebook, Instagram, and Twitter under GDPR

Who does the GDPR affect?

Organizations located both within and outside of the EU which offer goods or services to, or monitor the behavior of, EU data subjects. It also applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.  

GDPR applies to anyone who lives in the EU, as well as to EU nationals.  It actually expands the rights of our European-resident members with regards to their data.

 We collect personal information at DA to be able to contact our members and inform them about voting and other issues.

...

Stop speaking legalese and please tell me what this is.

GDPR expands the existing definition of personal data and lays out new standards regarding the ownership, use, and protection of this data.      In other words:

Personal data will be is defined as anything that can identify an individual. This means a nameNames, an email addresses, an addressphysical addresses, a phone numbernumbers, credit card details, or a pseudonym, among other things.  We collect personal information at DA to be able to contact our members and inform them about voting and other issues. 

Under GDPR, EU residents, regardless of their nationality,  own their personal data and can therefore control how it may be used.  For example the membership information DA is given could be called Uncle Jack's  pair of gloves, his hat, and his coat.    Jack has left these items with us and assumes we'll take care of them, and not lend the gloves to the next-door neighbor, use the hat as a lampshade or the coat as a rug.  It's our responsibility to respect and not mishandle our member data.

One of the most significant changes for individuals is the right to be forgotten.  When someone asks to be deleted from the database, their request must be granted within 30 days, and all information we hold in our system about them must be deleted.  We do this anyway, but the membership administrators in each country committe should be aware of this and not permit any requests to accumulate.

...

If you have a question about our membership information and how to deal with it, please ask the IT Team at:
membership@democratsabroard.org.

Can I help?

If you are a IT security specialist or a lawyer with an IT Security/GDPR specialty and you would like to get involved, we would love to hear from you.  
Send an email to helpdesk@democratsabroad.org or to privacy@democratsabroad.org and let us know.

I still have questions!!

And we have more answers!!!  This Wiki page is not meant to be the definitive source for any and all GDPR information.   We are putting together the answers to more questions that have been recently posed by our leaders and members, and we will post them as soon as we can!!!  While we are doing that, below is a list of articles and websites for your perusal.    

Please be aware that many sites have incorrect or misleading information about GDPR.  Please check with the DA IT team and/or the DA Legal team if you have specific questions.  You can also email Karen on the IT Team directly at karen@democratsabroad.org

Articles and Websites:

Democrats Abroad Do's and Don'ts under GDPR

...

BBC Informative Quiz on GDPR

GDPR Team

Julia Bryan - International Chair, Alex Montgomery - International Vice-Chair , Jeffrey Cheng - International Secretary, Tom Schmid - International Counsel, Yasmin Mang - DA Germany Counsel, Karen Frankenstein, IT Team