The EU is bringing in new privacy regulation on May 25, 2018 – the GDPR (General Data Protection Regulation). These rules cover individuals in the EU (not only EU citizens) and any organization that collects or processes data about them, wherever that organization is based. If your membership database includes people in the EU, you will want to understand the GDPR, how it affects you, and what your obligations as a data controller are.
Firstly, you need a lawful basis for tracking personal information about individuals, and for most membership organizations that basis is consent. Normally this is not a big deal, because people who actively fill out forms to apply for membership or other website services are generally well aware of what they are signing up for. But if you intend to use that data for other purposes, if you have old historical data in your database that was not collected in such circumstances, or if you are creating records yourself to track information about people without their knowledge, then the situation is not so clear. If you have a privacy policy or terms of use, they should state what information you collect and what you use it for in simple, unambiguous language. If you find old data in your records that you do not have consent to use for your current purposes, that data should be removed.
Even where you have collected personal data with proper consent, the GDPR makes it clear that people can withdraw their consent, and you have to respect their wishes in that regard. The GDPR also allows them to request that you delete their personal data – the right to erasure, commonly called the right to be forgotten. If you receive such a request, you should know how to find their data records and either:
- delete the records entirely
- if you cannot delete the records, blank the personal data fields
- if you cannot blank the fields (for example, if it is a required field), then anonymize the data (change it to something that is no longer personally identifying; note that a value that can still be traced back to the person, such as a hash of their email address, is pseudonymous rather than anonymous and still counts as personal data)
Note that when removing data in this way, it is important to distinguish between their personal data, and your organization’s business records. You do not need to eliminate all traces of their existence, only the personal data that you do not require to do your own work. For example, if the individual made a purchase from you, the records of that purchase are your business records, and it is reasonable to keep them on file for your own accounting. But if you are tracking personal information like photographs, birthdates, or education history, and those data are not pertinent to your organization's ongoing work, then that data should be removed on request.
Individuals have a right to know what information you collect about them. If the person is a current member or guest on your system, they may already be able to access their profile, which shows most of the data that is collected. If they have been archived or do not otherwise have a login, and they request a copy of the data you have on file about them, you should:
- verify that you are releasing the data to the person in question (sending it to an address that you already have on file for them is a reasonable approach)
- use your Report Builder for Members to build a custom report for just that member. Select as many fields to display as are likely to be relevant, and add a single condition to select information only where member_id = that member’s ID.
- export the results of that report, and send it to the person
- you can also go to the Payments module, pull up their account history, and email their account statement, so they can see their purchase history with the organization.
As noted above, they can request that you delete personal profile data, but their purchase history is part of your accounting records, and you can retain that information if you wish. Contact information is in a grey area. Collecting billing contact information from your customers is a reasonable and normal part of doing business. But not all of that contact information necessarily needs to be retained, and you may also have additional non-billing contact records that are not really part of their purchase history. So it may nonetheless be necessary to clean out contact information that is not needed for the purposes of archiving your sales history.
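The two procedures above, a data request for one member and an erasure that keeps business records, can be scripted against the database directly. The following is an added example and not code from the original article or from the membership system it describes; the table and column names (`member`, `purchase`, `contact`, `member_id`) and the sample rows are constructed assumptions. The erasure first tries to delete the member row outright; where purchase records still reference it, it keeps them, blanks the optional personal fields, and anonymizes the required name field.

```python
"""GDPR access-request export and erasure against a small membership DB.

Added example (not the article's or the membership system's own code).
Schema, column names and sample rows are assumptions chosen to mirror the
text: profile data, purchase records (business records) and non-billing
contact notes (personal data).
"""
import sqlite3
from datetime import datetime, timezone

# Constructed schema. Purchases reference member_id with no ON DELETE
# clause, so a member with purchases cannot simply be deleted.
SCHEMA = """
CREATE TABLE member (
    member_id   INTEGER PRIMARY KEY,
    name        TEXT NOT NULL,   -- required field: must be anonymized, not blanked
    email       TEXT,
    birthdate   TEXT,
    photo_path  TEXT,
    consent_at  TEXT,
    erased_at   TEXT
);
CREATE TABLE purchase (
    purchase_id  INTEGER PRIMARY KEY,
    member_id    INTEGER NOT NULL REFERENCES member(member_id),
    item         TEXT NOT NULL,
    amount_cents INTEGER NOT NULL,
    purchased_on TEXT NOT NULL
);
CREATE TABLE contact (
    contact_id INTEGER PRIMARY KEY,
    member_id  INTEGER NOT NULL REFERENCES member(member_id),
    note       TEXT NOT NULL
);
"""

# Constructed sample data: member 1 has purchases, member 2 has none.
MEMBERS = [
    (1, "Ada Example", "ada@example.org", "1980-01-02", "/photos/1.jpg", "2018-05-01"),
    (2, "Bob Example", "bob@example.org", None, None, "2018-05-01"),
]
PURCHASES = [
    (1, "Annual membership", 5000, "2018-06-01"),
    (1, "Conference ticket", 12000, "2018-09-15"),
]
CONTACTS = [(1, "Prefers phone contact in the evening")]


def open_sample_db():
    """Build an in-memory database with the constructed schema and rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("PRAGMA foreign_keys = ON")  # enforce the purchase -> member link
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO member(member_id, name, email, birthdate, photo_path, consent_at)"
        " VALUES (?, ?, ?, ?, ?, ?)", MEMBERS)
    conn.executemany(
        "INSERT INTO purchase(member_id, item, amount_cents, purchased_on)"
        " VALUES (?, ?, ?, ?)", PURCHASES)
    conn.executemany("INSERT INTO contact(member_id, note) VALUES (?, ?)", CONTACTS)
    conn.commit()
    return conn


def export_member_data(conn, member_id):
    """Access request: everything on file for one member_id, or None if unknown.

    The caller should send the result only to an address already on file
    (profile['email']), never to an address supplied in the request itself.
    """
    profile = conn.execute("SELECT * FROM member WHERE member_id = ?", (member_id,)).fetchone()
    if profile is None:
        return None
    purchases = conn.execute(
        "SELECT item, amount_cents, purchased_on FROM purchase"
        " WHERE member_id = ? ORDER BY purchased_on", (member_id,)).fetchall()
    contacts = conn.execute(
        "SELECT note FROM contact WHERE member_id = ?", (member_id,)).fetchall()
    return {"profile": dict(profile),
            "purchases": [dict(r) for r in purchases],
            "contacts": [dict(r) for r in contacts]}


def erase_member(conn, member_id):
    """Erasure request. Returns 'deleted', 'anonymized', or None if unknown.

    Non-billing contact notes are personal data and always go. The member
    row is deleted when nothing references it; otherwise purchases are kept
    as business records and the personal fields are blanked or anonymized.
    """
    if conn.execute("SELECT 1 FROM member WHERE member_id = ?", (member_id,)).fetchone() is None:
        return None
    with conn:  # commit on success
        conn.execute("DELETE FROM contact WHERE member_id = ?", (member_id,))
        try:
            conn.execute("DELETE FROM member WHERE member_id = ?", (member_id,))
            return "deleted"
        except sqlite3.IntegrityError:
            # Purchases still reference this member: keep them, scrub the profile.
            erased_at = datetime.now(timezone.utc).isoformat(timespec="seconds")
            conn.execute(
                "UPDATE member SET name = ?, email = NULL, birthdate = NULL,"
                " photo_path = NULL, consent_at = NULL, erased_at = ?"
                " WHERE member_id = ?",
                (f"Erased member {member_id}", erased_at, member_id))
            return "anonymized"
```

The placeholder name is deliberately built from the internal `member_id` rather than from anything the person supplied, so the purchase records stay linked to one account for accounting without the row being traceable back to the individual.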