On Compliance: New European data protection reg will impact your CU

If you process European residents’ data, or have a public website, here are steps toward compliance.

If you think your credit union does not have to comply with the European Union’s General Data Protection Regulation because you don’t serve any EU residents, not only would you be very wrong, but this mistake could also be very costly.

The EU GDPR, which took effect on May 25, will impact every U.S. business that processes the “personal data” of EU residents. The regulation focuses on the processing of the data, not the location of the business.

What Does the EU GDPR Require?

The EU GDPR requires entities that process the data of EU residents to obtain specific consent to do so (unless an exception applies). It also provides EU residents with the “right to be forgotten,” allowing such individuals the right to request the deletion of their data.

 
