Privacy Shield Framework. Blackbaud will not sell data to third parties. E-mail processing is only done on Blackbaud`s secure servers. The principles of data protection in the RGPD remain broadly unchanged from those of the UK Data Protection Act 1988. They play a leading role in the RGPD as fundamental principles of data protection and privacy. Blackbaud`s attack is a big data outage. It can serve as a catalyst for U.S. non-profits to take a longer look at the RGPD and analyze its own need for analysis. Some also criticized blackbaud for for its months`s forfeiture in notifying its utility users of the violation; The company argues that, to the extent that the data was eventually retrieved by hackers, no non-derivative or donor information was compromised and therefore there is no need to prevent it under regulatory data protection regimes, such as the EU General Data Protection Regulation (GDPR) or the Consumer Privacy Act (CCPA) in California.
So where are the small non-profit organizations, whose donor and client information may have been compromised, and what lessons can we learn from the Blackbaud accident? Large institutions may have already analysed the need to comply with the RGPD and will therefore be aware that, if they fall within the scope of the RGPD, they may be required to report the breach to both the individuals concerned and the DATA protection authority in the EU.