Since GDPR applies to EU citizens, wherever they reside, I would recommend to ask for confirmation to every member, because WCG cannot know if somebody is a EU citizen or not.
Additionally, it could be a good idea to refresh the Privacy Policy (https://www.worldcommunitygrid.org/viewMemberPolicy.do) in order to integrate GDPR requirements.
Cheers,
Yves

Here is the official EU GDPR website, and on the FAQ page, there's the following;

Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

So, yes, WCG/IBM do need to act on this - as the next question on that page is the following;
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement.

In light of this, many countries around the world are revisiting their data privacy laws and updating them for the 21st century.

thanks gb009761..

little mermaid wrote "sorry, but I cannot take it seriously"...

Well here's a scenario, bit tongue in cheek, but... I actually run an organization called "grassmere-productions". One of the things it offers, amongst others, is a web-site providing a service (information regarding enhancing the use of ClearOS). The web-site provides an address to contact me. Now an EU resident could use that address to send me an email. I now have "data" on an EU resident - the nature of his content, his name, email address and the ip he used (found in the email header). If I process that data by matching his ip with a hit on my web-site I am now supposedly under the data processing provisions of the GDPR as well has holding data on an EU citizen. Since I do not have a presence in the EU, I must therefore appoint a representative in the EU. Fortunately not big enough an organization to also be required to appoint a DPO There are also certain records that must be maintained, regardless.

Now if I fail to meet the GDPR provisions then the EU will seek to fine me. As I live in Australia, I am subject to Australian law, that will require the co-operation of the Australian authorities to send me for trial under the Australian Privacy Act. I also have dual citizenship (Aus and UK) - so i guess if I returned to the UK or visited another EU country they could arrest me there as an EU citizen - is the "Holy Roman Empire" arising from the ashes and yet again seeking to control the world

I would be surprised if IBM WCG didn't already meet most, of not all, of the GDPR provisions. My understanding (and please correct me if I am wrong) is that re-confirmation is only required where a person subscribed under conditions such as a pre-checked box. (Some software installs are notorious for this - clicking "next" on a box that has some offer already checked). So, as long as IBM has the record of your original request, my understanding is that it is enough. I presume WCG would act on a request "to be forgotten".

Would be nice if a WCG representative would respond to the OP's append...

I commend you for having the patience to study this.
Being in business it's necessary to spend time on doing that ever so often.
Your example just goes to show the madness of the minds of power hungry bureaucrats and their handlers - or the other way around.
UK citizenship soon will not equal EU citizenship much longer - lucky you

This is what we have been advised of as well. As a result, we will not be going through a process of re-obtaining consent.