The General Data Protection Regulation (GDPR) is a new set of rules governing the privacy and security of personal data as laid out by the European Union (EU) commission. These new regulations go into effect on May 25, 2018.
The primary goal of the GDPR is to give EU residents (including those in the United Kingdom) control over their personal data, regardless of where the organization collecting the data is located. (For a detailed explanation of the GDPR and its regulations, please see the GDPR homepage.)
What is YourMembership doing?
YourMembership (YM) is committed to providing tools within its association management software (AMS) product that will help our customers worldwide reach GDPR compliance. During the past year, YM has worked with TrustArc, a compliance and security firm, as well as a compliance lawyer, to walk us through what we needed to do as a business to meet compliance requirements.
While we are developing feature enhancements during the coming weeks and months, it’s important your organization takes every step possible to ensure it’s compliant with the new regulations. If you have not already done so, we highly recommend working with a legal and compliance expert to help you and your organization become compliant.
Soon, YM is releasing several updates to existing functionality, as well as implementing new tools to help our customers ensure their software is GDPR compliant. All changes and updates are planned to be available by Summer 2018.
Activity Logs. The activity log functionality will be enhanced to include more robust tracking on specific actions members and administrators make when it comes to updating profile information and email marketing preferences.
In the regulation, a heavy emphasis is placed on audit tracking as it pertains to a member’s personal identifiable information, as well as their preferences about how they want you to communicate with them. YM will ensure any change is properly documented and visible to you.
User Consent. A new feature will be available allowing you to unequivocally capture consent from member and non-member users, allowing you to collect and process their personal data. If enabled, users must provide consent before entering information in any of the feature areas where personal data may be collected. Examples of these feature areas are new member signup, event registration, form submission and commerce checkout, among others. The date and time in which the user consented will also be captured and visible to administrators.
The regulation clearly states organizations must capture consent from EU resident users prior to storing or processing their personal data.
Cookie Notice. An update to this existing feature will allow customers to display a more prominent warning/overlay on the frontend of their website, notifying members and site visitors the website needs to utilize browser cookies to function.
Request for Data and Anonymization. New tools will be implemented allowing administrators to obtain all member-related personal data, if the request is given by that member. In addition, the ability to anonymize a member record will be available, if such a request is made.
Under GDPR, an individual has the right to request a copy of his or her personal information held by an organization. The information must be provided to the individual in a common, machine-readable format. Additionally, under the regulation, an individual has the right to request an organization “forget” them. This essentially means a user/member can request all his or her personally identifiable information be deleted or anonymized so none of the data the organization has can be traced back to the specific individual.
As the GDPR is enacted, we will remain committed to learning from the association industry and working with individual customers as we continue implementing tools and functionality, helping organizations we serve remain compliant.