CUNA, World Council discuss EU data protection regulation

WASHINGTON, DC (May 31, 2018) — CUNA hosted a webinar Wednesday on the European Union’s (EU) General Data Protection Regulation (GDPR), which became effective May 25. Lance Noggle, CUNA senior director of advocacy for payments and cybersecurity, presented, along with Andy Price, World Council’s regulatory counsel and Hal Scoggins of Farleigh, Wada and Witt, presented.

The speakers discussed the regulation, which purports to apply to companies anywhere in the world with customers or members living in the EU.

These regulations could potentially apply to American entities that process the personal data of EU residents when offering them goods and services. The term “offering” is determined on a case-by-case basis.

While there is no express civil enforcement mechanism in the GDPR itself, international law will govern the enforcement of any civil penalty.  The Federal Trade Commission indicated in the adequacy determination that it will use Unfair and Deceptive Practices to enforce penalties, but there is no rule expressly mandating compliance with the GDPR.  Therefore, how, if at all, these provisions will be enforced against US credit unions will be determined over time.

Key compliance requirements under the GDPR include:

  • Business accountability measures that include data protections officers, record maintenance requirements, privacy impact assessments, privacy by design and default for all data collection systems, privacy policies, controller and processor responsibilities, restrictions on transfers to third countries, proof of compliance and mandatory appointment of a data protection officer in certain circumstances;
  • Requiring notification of a data breach to a supervisory authority within 72 hours (subject to conditions) and notification to affected data subjects without undue delay (with certain exceptions;
  • Demonstration of consent in a clear, intelligible manner, with the right to withdraw consent by the data consent. Existing consents may not be valid;
  • Defined consumer rights that include disclosure of data collection, right to access to records and purpose of data collection, right to restrict processing, right to recertification and erasure, right to data portability, right to lodge a complaint, right to legal remedies, right to object to profiling and penalties for violations.

CUNA members can view a recorded version of thew webinar, available for free, here.

About CUNA

Credit Union National Association (CUNA) is the only national association that advocates on behalf of all of America’s credit unions, which are owned by 135 million consumer members. CUNA, along with its network of affiliated state credit union leagues, delivers unwavering advocacy, continuous professional growth and operational confidence to protect the best interests of all credit unions. For more information about CUNA, visit To find your nearest credit union, visit


CUNA Communications


More News