Virtual Airlines and GDPR

Rules and Regulations say that a Certified Virtual Airline must comply with GDPR. Technically, what does it mean?

IVAO takes very seriously all matters regarding privacy and policy. By certifying a Virtual Airline on IVAO, there are a few rules that we expect to comply with.
We realize that GDPR is a big subject, and no one must be a lawyer to be the CEO of Virtual Airlines.
To make it simpler, for VA certification, we will focus on those points :

Your VA's Rules and Regulation must have a chapter, clearly stating :
An exhaustive list of all data you collect from members (it could be First name, Last name, birth date, IP address, IVAO's VID, IVAO's ranking and activity...)
Clearly mention that all pilots, whatever their country or nationality, has the right to access and/or delete all of the data mentioned above
Your VA's website must NOT display publicly the last name of pilots and their personal email addresses. IVAO's VID and VA callsign are accepted in public display. The company's email addresses are allowed for staff members if the airlines provide them (example: human.ressources@MyVirtualAirlines.com)
Those restrictions only apply to public access to the website. Once pilots are logged on, those restrictions are waived.

My Virtual Airlines is not registered in Europe. Do I have to comply with GDPR too?

IVAO is an NPO based in Belgium, and IVAO must comply with GDPR.
By certifying a VA with IVAO, a partnership is linked together, and pilots from all over the world can reach your VA, and we guarantee a certain level of quality.
This is why we request that all VA around the world, whatever the country, also comply with European standards.