CUNA hosted a webinar Wednesday on the European Union’s (EU) General Data Protection Regulation (GDPR), which became effective May 25. Lance Noggle, CUNA senior director of advocacy for payments and cybersecurity, presented, along with Andy Price, World Council's regulatory counsel, and Hal Scoggins of Farleigh, Wada and Witt.
The speakers discussed the regulation, which purports to apply to companies anywhere in the world with customers or members living in the EU.
These regulations could potentially apply to American entities that process the personal data of EU residents when offering them goods and services. The term “offering” is determined on a case-by-case basis.
While there is no express civil enforcement mechanism in the GDPR itself, international law will govern the enforcement of any civil penalty. The Federal Trade Commission indicated in the adequacy determination that it will use Unfair and Deceptive Practices to enforce penalties, but there is no rule expressly mandating compliance with the GDPR. Therefore, how, if at all, these provisions will be enforced against US credit unions will be determined over time.
Key compliance requirements under the GDPR include:
CUNA members can view a recorded version of the webinar, available for free, here.