The General Data Protection Regulation (GDPR) of 2016 is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC) which was introduced in 1995. The GDPR becomes enforceable on May 25, 2018, and aims to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
We support the GDPR and below, we explain how personal information is collected and stored as you interact with Field Projects International.
- How does the GDPR apply to FPI?
- What are the requirements of the GDPR?
- What personal data do we collect from our clients?
- How is FPI remaining compliant with the GDPR?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data broadly to include any information relating to an identified or identifiable natural person. This includes data that is personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
The GDPR gives individuals in the European Union several important rights:
- The right to be forgotten: An individual may request that an organization delete all data on that individual without undue delay.
- The right to object: An individual may prohibit certain data uses.
- The right to rectification: Individuals may request that incomplete data be completed or that incorrect data be corrected.
- The right of access: Individuals have the right to know what data about them is being processed and how.
- The right of portability: Individuals may request that personal data held by one organization be transported to another.
Additionally, every organization must be specific about who acts as a data controller (the organization that determines the purposes and means of processing personal data, and chooses which data to collect) vs. data processor (the organization that processes the data on behalf of the controller) for every type of data they collect.
There are many ways in which someone can interact with FPI:
- As a student applying for a program or scholarship (Personal details are provided on application forms)
- As a student attending a field course or research assistantship (Personal details, including information on health are provided in various forms during the course of preparation to travel to a field site)
- As a donor (Personal details are provided so that we may thank you for your gifts to us)
- As a visitor to our website (Personal information on behavior on a website is routinely collected)
- As a recipient of our newsletters or email notifications (Personal information is used to reach these materials to you electronically)
- As a recipient of a catalogue or print posters by snail mail (Personal information is used to reach these materials to you in person).
For further information on any of the above categories, please don’t hesitate to email us at info(at)fieldprojects(dot)org.
We use several services to process data collected from our clients in the course of operating our programs. Here are all services, along with the types of data they store, and links to their procedures to stay GDPR compliant.
- Web data obtained on our server is hosted by Digitalocean.com; please read the Data Processing Agreement that applies to their customers, including FPI.
- Email communications sent to groups of clients are processed by Mailchimp.com, while FPI remains the data controller in this case. Read Mailchimp’s Data Processing Agreement, which we have signed.
- Flipcause for money
- Google analytics?