On May 25, 2018, the European Union will begin enforcing a new set of data protection regulations, known collectively as the GDPR (General Data Protection Regulation). The GDPR regulates the collection and storage of personal data for EU residents (including UK residents), regardless of where the organization doing the collecting is located.
The GDPR replaces and expands upon the 1995 Data Protection Directive. The biggest change is the extended reach of the regulations, now applying to all organizations that collect the personal data of European residents, even if those organizations are based outside of Europe.
Consequently, Wild Apricot and any of its clients with members in Europe need to understand the requirements of the GDPR, and set up procedures for complying with them.
If your Wild Apricot database contains information about any European Union residents, please let us know and we can help you identify whether your organization is compliant with GDPR. Wild Apricot has begun auditing their processes and software for GDPR compliance, but as of February 2018 Wild Apricot staff have not completed the audit or any remediation actions. Organizations in breach of the GDPR can be fined up to 4% of their annual global revenue or €20 million (whichever is greater). There is a tiered approach to fines, whereby an organization can be fined 2% for not having their records in order, 2% for not notifying about a data breach, and so on.