How associations and foundations can with legal certainty prepare for the demands of the new legislation.
Many associations are uncertain how to implement new GDPR requirements. Those uncertainties are even greater if BDSG [Federal Data Protection Act]requirements could thus far be ignored.
The BvD would like to offer their assistance by making available aids at no or very low cost. Data protection supervisory authorities and associations have already published useful check lists and examples that we would here like to bring to your attention.The responsibility of implementing GDPR requirements nevertheless remains with the board of associations, including any adaptation of existing responsibilities and processes.
The need to appoint a Data Protection Officer depends on the size of the association and the number of persons permanently engaged in fully automated processing of personal data.
It may, however, also be taken into consideration that Art. 37 Para. 4 GDPR also allows associations to appoint Data Protection Officers for their members.This will ensure competent advice even for small units and specific sectors, yet at reasonable cost.
See below for information and links to publications by the supervisory authorities.Refer to the overview of data protection supervisory authorities under the Federal officer for data protection and freedom of information to find the supervisory authority responsible for you in your Federal state: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Sample templates and application notes
You may access more information on your measures for implementation via the website of your data protection supervisory authorities.
Notes on some questions relevant to associations:
Sample for records of association activities:
Aid to implementation of the GDPR by associations:
Formulation of GDPR obligations of staff:
Useful information is also available from associations and chambers:
www.zdh.de (under topics A-Z, The new Data Protection Act).
Brochure “Data protection in business– a helping hand for employees”– Download
Brochure “Data protection in business”– Data protection in short– Download
The BvD also reviews books, some of which may assist associations in the implementation of GDPR requirements.This also includes articles https://www.bvdnet.de/wp-content/uploads/2018/04/ERSTE-HILFE-ZUR-DSGVO-FÜR-UNTERNEHMEN-UND-VEREINE.pdf,addressing associations specifically.
Associations will last not least also benefit if their members are confident that their association will process their data only as necessary, safely and limited to purpose.
The BvD blog already published a contribution https://www.bvdnet.de/handreichungen-fuer-kleine-unternehmen-und-vereine/on sample templates specifically for associations, foundations, handicraft companies and the self-employed.
Author: Rudi Kramer, Deputy Chairman of the Board