All clubs are subject to the General Data Protection Regulation.
It does not matter whether the association is entered in the register of associations or no entry has been made.
Whether the association has to appoint a data protection officer depends on the number of people who are engaged in the processing of personal data.
As soon as this number exceeds 9 people, the association is required by law to nominate a data protection officer.
heyData would like to recommend itself as an expert on the subject of data protection within clubs. Feel free to contact us and we will shed light on your obligations and opportunities together!
The GDPR represents the new regulation of the EU data protection laws.
This came into force on 24.05.2016 and has been implemented since 25.05.2018. The standardization of these EU laws has a direct impact on club life. Despite all the fears, no insurmountable obstacles have been placed in the way of the clubs, but every club has to deal with the requirements of the GDPR and also live by them within the association. The often invoked death of clubs has largely not materialized and the clubs have come to terms with the new situation. Clubs have realized that they have to work with the GDPR in order to avoid high fines. It is important to stay on the ball here and to close all gaps with regard to data protection law.
The possible fines are particularly impressive for small clubs. A violation of the GDPR can cost the association up to 20 million euros. Of course, these fines are imposed on a case-by-case basis, so a wide variety of criteria play a role in the assessment. Small clubs in particular are thus protected from excessive payments. But it is also a fact that the fine has increased from 300,000 euros to the above 20 million euros. Especially for associations, the state data protection officers are happy to offer assistance, and external service providers also provide reassuring security. Looking to the future, the assistance provided by the state data protection officers will slowly be reduced and controls will tend to increase. In order to be prepared for the future, you should check all options for secure data protection!
The fact is that the state data protection officer has to deal with an association from the point at which he receives a complaint about the association. From practice it can be seen that the complaints have increased after the entry into force of the General Data Protection Regulation. In addition, every person is entitled to make a complaint!
A classic among the complaints is the right to information. The association is obliged to provide information within one month. This information includes, for example, stored data, the origin of the data, the processing purposes and the legal basis. In this case, secure organization within the association is required. Clear rules should be set so that requests for information are answered promptly and without disruption. This prevents complaints to the state data protection officer and keeps the association out of the officer's focus.
If you and your company meet one or more of the following criteria, then YES:
- Your company employs more than 20 people
- The employees regularly process automated data
- Special categories of personal data are processed in the company, such as ethnic origin, political opinion, religious conviction, health, the person's sex life
- Business-related personal data is transmitted, collected, processed or used and this represents a core activity of the company (this is the case with almost all companies that are related to personnel, e.g. software, recruiting, headhunting, consulting, etc.)
According to the GDPR, personal data is all information that relates to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, a location or other features. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or postal addresses.
As soon as you have decided to work with heyData, after an initial needs analysis, we will carry out a data protection audit with your company in order to understand the processes of your company holistically - this process is digitally accompanied and supervised by the data protection advisor. We will then work with you to prepare the necessary documentation and, if necessary, adapt the website of your company according to our instructions, should there be a need for changes in order to achieve conformity. Depending on the package, we are then involved in a wide variety of processes in your company that require the expertise of a data protection officer to protect you in all matters; this usually extends to HR, marketing, product but also business development processes.
The regular contract term is 24 months.
The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this so that the positions, the type of data processed and the persons responsible are also available as a diagram at any time.