By Lauren Karch. From The Nonprofit Quarterly. Posted on 5/29/18.
GDPR is a new set of regulations that require organizations to protect the personal data of EU citizens if that data is provided during an interaction within an EU member state. The regulation is the same across all 28 states.
GDPR replaces an older data protection law from 1995, and the biggest change to the law is the concept of extraterritoriality: it applies to all organizations that process personal data of European residents, whether or not they are physically located in Europe. The other changes are kept purposefully loose—while they require a “reasonable” set of protections for personal data, the definition of reasonableness isn’t provided, and may be left to European regulatory agencies.