Protecting your privacy

GCSAA is dedicated to fully protecting the personal data received from our members and customers. The information provided below gives a brief overview of the impending European Union regulation and the actions GCSAA has undertaken to achieve compliance.

What is GDPR?

On May 25, 2018, the European Union’s (EU) comprehensive General Data Protection Regulation (GDPR) went into effect. The GDPR is a wide-ranging personal data protection regulation designed to standardize data privacy laws across the EU and further protect the privacy of EU residents. The regulation also provides EU residents with increased rights and controls regarding how their personal data is collected, used, transferred, removed, etc.

Who is impacted by the GDPR?

The GDPR directly impacts any organization, regardless of location, that acquires, stores or processes personal data of individuals located and/or residing in countries of the EU. There are no exceptions provided for non-profit organizations or professional membership associations. Organizations must respond promptly to inquiries and requests made by customers concerning their personal data and how it is being used. The GDPR outlines specific requirements for the timely reporting of data breaches where customer personal data has been compromised.

What types of personal data does the GCSAA collect?

Under GDPR, personal data includes any information relating (directly or indirectly) to an individual or identifiable natural person. The data collected does not have to be confidential or sensitive to qualify as personal data. The GDPR definition of personal data is broad, but includes information such as name, location data/address, bank/credit card details, ID numbers, photos, social media handles, etc. Sensitive personal data has additional protection under the regulation; examples include social security numbers, race, ethnicity, political affiliation, medical/biometric information, criminal history, etc..

To learn more about the types of information collected by GCSAA and how the data is used, please review the Privacy Policy.

What is GCSAA doing to comply with GDPR?

GCSAA takes data security very seriously and we are constantly reviewing our policies and procedures to ensure our member and customer data is well protected. Below is a list of actions being taken by GCSAA in order to achieve compliance:

  • Assessment of current third-party vendor agreements to confirm awareness and compliance with GDPR.
  • Robust changes to our Privacy Policy, providing increased transparency on the types of data collected and how it is used by GCSAA.
  • Review of internal staff confidentiality agreements; communications to all staff members regarding GDPR and training for key data processors.
  • Removal of any sensitive personal data that is not required to conduct the business of the association (and related entities).
  • Enhanced internal procedures for detecting, investigating and reporting data breaches.
  • Advanced technological capabilities (both online and internal) to support GDPR requirements and data rights for EU residents.
If you have specific questions about GCSAA’s compliance with GDPR, please contact

What happens if I don’t want to provide GDPR consent to GCSAA?

Collecting and utilizing customer data is necessary for GCSAA to provide products and services to our members and customers. For individuals located/residing in countries of the EU, failure to provide consent will greatly impact our ability to do business with you and could result in the cancellation of services (along with appropriate refund) or severely restricted access to programs, services, and/or online functionality.

If you wish to withdrawal consent (to GDPR or our Privacy Policy), please contact