@wthess, you might want to have a look at
- https://en.wikipedia.org/wiki/General_Data_Protection_Regulation (for a short overview)
- https://eur-lex.europa.eu/eli/reg/2016/679/oj (for the regulation itself)
- https://www.itgovernance.eu/blog/en/expert-gdpr-qa-the-material-scope-of-personal-data-and-legal-implications (for Q&A)
In short: GDPR directly pertains to data collection; therefore, both non-profit and charitable organizations have exactly the same obligation to abide by GDPR as any other corporation. However, its scope excludes data processed by natural persons for purely personal reasons.
Please note, though, that IANAL and you should always double-check statements.