You can’t pay attention to the news without hearing about the concerns and issues around data privacy and data protection. It affects every type of industry, government, and nonprofit organization out there. As of May 25th 2018, new laws will go into effect in the European Union that attempt to address these concerns for European citizens. 

In today’s episode, I’ll speak to Cameron Stoll, a member of Blackbaud’s legal counsel team and the chief data protection officer for Blackbaud’s European companies. We will discuss the EU’s General Data Protection Regulations (GDPR) and what they mean for NGOs both in and outside of the EU. 

Topics Discussed in This Episode: 

• What GDPR is and what it does
• How GDPR evolved and differs from previous laws
• The difference between processors and controllers and what each one does
• How GDPR aligns with current best practices
• The intent and meaning behind legitimate interest when it comes to GDPR
• How the right to be anonymous plays into GDPR
• How the definition of personal data has been expanded
• How GDPR may affect organizations outside of the EU
• Whether legislation similar to GDPR might be seen in the US, Canada, or other countries 

Links and Resources: 

Cameron Stoll

GDPR 

“We have to have contractual relationships with these processors to make sure that they will abide by our instructions and to make sure that they can’t take that data and analyze it and sell it to another company, for example.” 

“Ultimately it really comes down to very general principles: protect the data that you have, give people choices about how you’re going to use their data, and be really transparent about how you’re using the data you collect.” 

“I think it can be seen as an extension of consumer rights on a really large scales across all industries in Europe.”