Consumer Privacy


GDPR, REACH and The California Consumer Privacy Act Information and Resources


The EU General Data Protection Regulation (GDPR) was designed to coordinate data privacy laws across Europe. This new regulation will go into effect in May, 2018 and will not only apply to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. Organizations found to be non-compliant are subject to substantial fines.

NAMM and our partners are working to provide NAMM members with relevant information. Please check here often for updates and new resources.

Information, Webinars and Videos:

The Privacy Shield Program: administered by the International Trade Administration (ITA) within the U.S. Department of Commerce
Video: GDPR Explained
European Union GDPR Site
Music Industries Association (MIA) GDPR Information Site
The Security Provisions of GDPR 
EU Data Protection Glossary
Are you ready for GDPR compliance? – Microsoft's GDPR Information Site

Questions and Answers:

FAQ’s about GDPR
MIA’s Helpful Data Protection Tips
EU General Data Protection Regulation FAQ’s 

REACH: Registration, Evaluation, Authorization and Restriction of Chemicals

REACH, a regulation of the European Union, was enacted in June of 2007 to improve the protection of human health and the environment from the risks that can be posed by chemicals, while enhancing the competitiveness of the EU chemicals industry. It also promotes alternative methods for the hazard assessment of substances in order to reduce the number of tests on animals.

Manufacturers exporting musical instruments to the European Union, or operating within the EU, should be aware of the REACH regulation. Enforced since June 2007, the regulation (EC1907/2006) is regarded as the strictest in the world pertaining to chemicals (e.g., glues, resins, etc.) used in the manufacture of a wide variety of products.

In principle, REACH applies to all chemical substances; not only those used in industrial processes but also in our day-to-day lives, for example in cleaning products, paints as well as in articles such as clothes, furniture and electrical appliances. Therefore, the regulation has an impact on most companies across the EU.

REACH places the burden of proof on companies. To comply with the regulation, companies must identify and manage the risks linked to the substances they manufacture and market in the EU. They have to demonstrate to ECHA how the substance can be safely used, and they must communicate the risk management measures to the users. NAMM members are encouraged to visit here often to stay informed on issues that could impact your business.

The California Consumer Privacy Act

Scheduled to go into effect on January 1, 2020, The California Consumer Privacy Act of 2018 (CCPA) requires certain businesses that maintain personally identifiable information about consumers (both customers and potential customers) who live in California to enable the consumer to see it upon request free of charge, and to disclose to the consumer specifically what it’s used for. Consumers will also have the right to stop a business from sharing their information, or to require it to be deleted entirely.