The Nonprofit Times featured comments from Bob Waldman and Kelly DeMarchis Bastide on June 18, 2018, about the challenges of the European Union's General Data Protection Regulation (GDPR), which went into effect in May, and whether or not organizations are ready for the new regulation.
The key challenges that Waldman and Bastide suggested nonprofit leaders needed to comply with included: the regulation applies to both EU-based and non-EU-based organizations; GDPR requires a clear, affirmative act for consent; liability cannot be pushed off onto vendors via contract; privacy impact assessments (PIAs) are not necessary all the time; during a data breach, GDPR requires notification to the supervisory authority "without undue delay," and, when feasible, not more than 72 hours after discovery of a breach; and, the UK is also required to follow GDPR during Brexit procedures.