When the General Data Protection Regulation (GDPR) was officially implemented in May 2018, many organizations and associations were not fully prepared for the fundamental changes in the management of personal consumer information it heralded. While the regulation is initially set to encompass 31 countries from the European Economic Area (EEA), it is only a matter of time before other regions across the world start implementing it to harmonize the collection and storage of Personally Identifiable Information (PII).
Essentially, GDPR serves as a reminder for all associations – whether their customers are located in the EEA or outside – that they need to start devising ways to build long-term member trust. They must reassure their members that their data is secure. They need to convince their members that their confidential information belongs only to them, and that the associations have set in place data hygiene mechanisms. Under GDPR, members can now access the personal data an association stores about them from anywhere, correct incomplete data, request its deletion, and also forbid the association from using this data.
Key GDPR concerns for associations
For associations and nonprofit bodies, this poses an interesting challenge. As the processing of any member data now requires explicit opt-in consent, traditional sales and marketing activities that associations have performed are now rendered obsolete. For instance, associations need to be very careful about the information they ask members to fill in on website forms. Potential members from the EEA could be among such visitors, and if the association does not take adequate care to protect this data, it could find itself facing massive non-compliance fines. Previous practices such as purchasing email lists or getting members to refer new members may also need to be revisited.
Associations also need to define specific sets under which specific member information falls. Basic data such as name, photo, email address, IP address and more, which were previously considered easily obtainable and transferable, are now covered under the scope of GDPR. Hence, associations must now store and transfer this data in an organized and accurate manner. Moreover, GDPR compliance for associations now runs across all organization levels – from senior management to team leaders and their staff – and this presents associations with a critical challenge to overcome.
While this may lead to some changes in the way employees review existing business processes and applications, GDPR will require a more comprehensive shift in the mentality of association staff when they are communicating with members. If they have to send members a newsletter about recent activities or industry updates, they will need to check for clear opt-in. If they collect information that is relevant for annual meetings, then they will have to explicitly state that such information will only be used for the purpose of such meetings. In effect, associations will have to initiate fundamental changes in how they expand their membership and run programs.
It is no longer enough for associations to assume that since their members agreed to a certain action, they are compliant with other activities as well. The simple rule associations should remember is this – if a member did not request it, they must not provide it.
The road ahead for GDPR compliance
The very first step associations must undertake is to conduct an in-house risk analysis to see where the gaps lie with regard to data collection and management. Many associations use multiple software systems and technologies, so they now face the formidable task of aligning these tools under the GDPR directive and consolidating all the member information they possess. They need to start by asking the following key questions:
In some cases, associations may have to revamp their privacy policies and notices to ensure GDPR compliance. For this purpose, data analytics can be a savior for them by providing unique insights into member consent, preferences and interests – all from a centralized and consolidated dashboard. Associations have to quickly sort through a lot of data now, and effectively doing so can enable them to devise successful and highly targeted marketing campaigns.
In other instances, associations will need to revisit their vendor contracts and member agreements as well, to carefully study the language used therein. They will need to insert new clauses to ensure all member data is stored and managed in a manner that is compliant with GDPR. They will also have to contain data breaches as per relevant mitigation mechanisms and best practices, in the event they do occur.
Associations worldwide now must realize that GDPR and data privacy compliance is an ongoing activity that has only just begun. Individual data rights are sure to see further adaptations as time goes by, and GDPR merely represents the first stage of questioning the nature and source of personal member information. Associations should, hence, look at developing policies of ‘Privacy by Design’ to provide data security at every stage, and not as an afterthought. This will help them boost member trust and loyalty, and achieve their long-term membership objectives.