The EU (European Union) is making significant changes to its data protection and privacy rules. Since the Chapter collects, stores and/or shares the personal data of EU citizens, you need to know about the GDPR.

What is the GDPR?

The GDPR, or the General Data Protection Regulation, is technically already in effect but will be enforced beginning May 25, 2018.  These new rules are for organizations that start after May 25, 2018.

The EU is implementing these changes in response to the significant increase in the amount of personal information collected and used today. The overall mission of the GDPR is to give members greater control over that personal data.  It won’t be enough for a chapter just to say they’re complying. They’ll also need to demonstrate compliance related to requirements in several areas, such as:

  • Notification of Cookie Usage
  • PCI DSS Compliance.  The chapter is PCI DSS Certified compliant.
  • PII Compliance.  The chapter is PII certified compliant by PMI.
  • Web Analytics. The chapter anonymizes the IP addresses in the Google Analytics module.
  • Personal Data Usage. Any former member's data will be purged from the system, upon request from the chapter member, within 30 days of receipt of notice. Contact us to make such a request.

What’s considered personal data under GDPR?

The GDPR defines personal data broadly, interpreting it as anything that can be used to identify an individual. In addition to a name, that can include information you may, or may not, consider personal, including:

  • Birthdays.
  • Banking and financial information — The chapter does not store these.
  • Credit card numbers - The chapter does not store these.
  • PMI Member Record.
  • Email addresses.
  • IP addresses.
  • Medical data — The chapter does not store these.
  • Social media posts — The chapter does not store these.