The General Data Protection Regulation (GDPR), a law passed by the EU, aims to ensure that data is protected and privacy is ensured through a combination of security measures, consent from individuals, and clearer privacy policies. Thanks to GlobalGiving's long-standing focus on security, privacy, PCI certification, and compliance with laws like CAN-SPAM and CASL, we were already prepared for many aspects of GDPR. This page outlines the steps GlobalGiving took to prepare for the GDPR and the steps it continues to take now that the regulation is in effect.
From our first day, GlobalGiving has prided itself on protecting user data. In preparation for GDPR, we took the opportunity to revise our internal "Information and Technology Security Policy" and provided updated training to staff on IT security. This policy has the necessary technical standards and business processes to ensure that your data is secure. Here are instructions for setting up your own security policy.
We value and follow industry best practices to protect your credit card and donation information. As such, GlobalGiving is PCI SAQ A-EP certified.
As recommended by the ICO, GlobalGiving conducted a full information audit of our site and services and established a lawful basis for processing data.
Individuals have a number of additional rights that are granted to them under GDPR which you can access under "My Account":
GlobalGiving has updated language on our site to make our opt-in flows clearer.
To ensure that donor data is securely transferred, GlobalGiving's email communications to organizations and project leaders have changed. Some information that was previously sent via email is now only accessible by logging into your GlobalGiving Dashboard.
We transfer personal information of European Economic Area (“EEA”) and Swiss residents to the U.S. (or elsewhere) based on the use of the Standard Contractual Clauses (also known as “Model Clauses”) between GlobalGiving UK and GlobalGiving Foundation. Per the European Commission, this standard agreement ensures sufficient safeguards for data to be transferred internationally.
In addition to having strong security practices, data stored with GlobalGiving is encrypted and anonymized whenever possible to provide additional protection from a data breach.
GlobalGiving has completed a data processor review and has signed Data Processing Agreements (DPAs) or Model Clauses, as appropriate, with our data processors.
For individuals in the European Union, GlobalGiving Foundation has appointed GlobalGiving UK as GlobalGiving Foundation's representative in the European Union pursuant to Article 27 of the GDPR.
We have conducted staff training on best practices for security and privacy, and will continue to provide this training to all GlobalGiving staff and volunteers on a regular, recurring basis.
You may contact us by using the "Contact Us" links on the footer of our site or by sending an email to email@example.com.