Three Key Data Privacy Tips for Associations
May 29, 2019
By:
With the recent one-year anniversary of the EU's General Data Protection Regulation (“GDPR”), now is a good time for associations to consider key data privacy tips. Data privacy is a key area of compliance that is receiving increasing attention from courts, legislatures, and customers. Data privacy is distinct from data security and concerns how you collect, use, and share individuals’ data. Most importantly, good data privacy is increasingly perceived as an integral part of good business ethics by customers and partners. Here are three tips for considering how data privacy can affect your organization:
- (1) Update Your Privacy Policy: Customers, courts, and regulatory agencies now expect companies to provide clear and accurate privacy policies. Having incorrect or incomplete policies can lead to unhappy members and even legal action. When updating your association's policy, remember the simple mantra: “Say what you do, do what you say.”
- (2) Determine your risk under the GDPR: The GDPR is an EU regulation that became effective on May 25, 2018. It carries hefty fines and can apply to U.S. associations if the association has an establishment in the EU or offers goods and services to individuals in the EU. If the GDPR applies to your association, noncompliance can be expensive, as EU individuals can lodge complaints against your association with EU data protection agencies. Read "GDPR Basics for U.S.-based Organizations" here.
- (3) Learn Your Data Privacy Obligations Under Existing and Upcoming U.S. Laws: As data privacy becomes a focus for state governments, Congress, and the Federal Trade Commission, it is important for associations to relearn their data privacy obligations and review their practices. Over the past year, numerous states such as New York, Texas, and California have passed or introduced bills imposing GDPR-like data privacy obligations on U.S. entities.
And remember, data privacy is becoming an increasingly important part of customer service. Members, customers, and even former employees of members are paying much more attention to how their data is being collected, used, and shared. For more information on the data privacy, please contact Oliver Krischik at 202.342.5266 or okrischik@gkglaw.com.