Modern administration in the club
Create a club & try PREMIUM free of charge for 30 days
Offene Positionen anzeigen
What does a club have to pay attention to when it comes to data protection? Which content is important? What happens in case of disregard? We have prepared these and other questions for you, including a download sample & checklist on data protection for clubs in Austria, Germany and Switzerland.
The General Data Protection Regulation (GDPR for short) is an EU-wide law that came into force on May 18, 2018 with the aim to protect personal data with regard to further processing. This is not a ban on the use of personal data, but a standardization at European level how data associated with a person is handled.
This regulation is important for the reason that countless amounts of data are collected, stored and processed by every single person online as well as offline.
We know that you can't spend days studying the legal aspects of data protection (even though it's very important) — that's why we've tried to make this information compact for you.
Even though the topic of data protection is EU-wide, we have designed this article in such a way that it is particularly suitable for clubs from Austria. For clubs from Germany, please switch to the following post — data protection in Germany.
We do not assume any liability for accuracy and completeness, but we think that with this post you already have a very reliable source that will help you with your privacy policy. Anyone who would like to have more detailed knowledge prepared by one of our expert partners will club handbook What you're looking for. A 98-page free ePaper written by experts for clubs.
Together with a legal expert (lawyer), we have created a download area with 35 documents as Word samples. In addition to board proposals, our area of law many relevant legal documents relating to the most important association agendas can be purchased for little money.
As a club, you have two good reasons why you should (must) address the issue of data protection. First, you hold a large amount of personal data about your members that falls squarely under this regulation. Second, it is undoubtedly in your own best interest to protect, properly manage, and store your members’ data.
Clubs are not subject to any special regulation, but the GDPR also applies to them in full broadside. There is also no difference whether a club is charitable or profit-oriented. Members' data is sensitive data and a data breach is not only seen as a loss of trust, but can often also be very expensive.
In summary, it can therefore be said that it is hardly possible for you not to have data from your own members who are not covered by the GDPR. All that remains is correct compliance with the regulation and the correct handling of personal data as a valid option.
Get your first 6 months free with the code VP30DACH.
Save not only time, but also money!
*Valid when you purchase the first package with a duration of 12 months.
Data protection concerns just about every company, club and organization. That is why this topic is so extensive. We have summarized a few of the most important points for you:
The collection and storage of data must not be random, but is subject to the principle of minimization. This means that member data must serve a purpose, e.g. be part of the professional organization of the association. They may also be stored during and for this purpose.
This term includes all data that can be uniquely assigned to an identifiable person. These may include name, address, date of birth, special characteristics, cultural, religious, sexual orientation, scientific or social identity,...
It is important to elect a person for the task of data protection officer in advance who sees himself as a supervisory and responsible person during the ongoing process of correct processing of data. It is also important to write down who this is: e.g. as an additional title for a board member.
Responsible persons, such as board members, must keep secret the data on which they have based on their position within the club, unless there is a legal reason for transmitting the data. The member must have agreed to the transfer of data in advance.
Every member of the club has the right to view and request all their data (and why they are needed/processed) at any time. This also means that as a club, you must therefore store all members' data cleanly and keep them inaccessible to the public.
Every member has the right to object to the use of their own data. This report must be sent to the data protection officer. The agent may then no longer process the person's data. The prerequisites for objections may be improper use of the data.
A request for correction or deletion can be made informally (oral is sufficient). You are entitled to correction if the data is demonstrably incorrect (e.g. incorrect date of birth). You have the right to delete if the intended purpose of the data is no longer necessary, if the data subject objects to the use of the data or if the data has been processed unlawfully.
The person responsible (e.g. board of directors) must comply with the request immediately, but no later than one month after receipt. An extension of a further two months is possible, but reasons must also be given. The applicant must be notified immediately that the request has been received.
The term GDPR refers to the regulation which lays a legal basis for the processing of personal data. A data protection provision, on the other hand, is the record that determines the exact listing and use of the data of a specific organization or club.
Detailed information can be found at: https://www.wko.at/service/wirtschaftsrecht-gewerberecht/EU-Datenschutz-Grundverordnung.html
To be on the safe side when it comes to data protection, we’ve worked with a lawyer to put together a sample checklist covering all the key points for you. You can download these and other inexpensive documents in our legal section for associations.
As a club, you have two good reasons why you should (must) address the issue of data protection. First: You hold a large amount of personal data about your members that falls squarely under this regulation. Second, it is undoubtedly in your own best interest to protect, properly manage, and store your members’ data.
Clubs are not subject to any special regulation, but the GDPR also applies to them in full broadside. There is also no difference whether a club is charitable or profit-oriented. Members' data is sensitive data and a data breach is not only seen as a loss of trust, but can often also be very expensive.
In summary, it can therefore be said that it is hardly possible for you not to have data from your own members who are not covered by the GDPR. All that remains is correct compliance with the regulation and the correct handling of personal data as a valid option.
lookout
Fines for improper use of sensitive data can be up to 20 million euros or 4% of the total annual worldwide revenue. Although this will usually be lower for small organizations and clubs, you should also be aware of the heavy penalties as a club.
In principle, however, it can be assumed that, in the event of first-time violations of the GDPR, the data protection authority warning will make use of. Especially if, as a club, you act to the best of your knowledge and belief and attach great importance to protecting your own member data.
However, a far more important incentive for you should be to ensure that you handle your members’ data responsibly, because that is precisely what makes for a good, trustworthy club.
Be part of over 15,000 clubs
But in order to be able to give you further help, we have worked with the same data protection expert who wrote an article in the club handbook on data protection in clubs (including image rights), which you are welcome to read through free of charge. Behind this link you can get to club handbook.
If you have any questions about clubs or our associated administration, we, the team behind Vereinsplaner, gladly available. You can easily contact us in our Help center visit. We are looking forward to your questions, wishes and suggestions.
We would like to mention once again that this information serves as a guide and will never replace thorough self-research or even legal advice. We therefore recommend that every club board thoroughly study the GDPR and, if anything is unclear, contact legal advice.
In any case, a data protection provision must be adapted to your needs and requirements in the club. Just as statutes differ in every club, data protection regulations must also be individually coordinated with the club. We have therefore deliberately given you the opportunity to change our pattern at your discretion in order to tailor it specifically to your club.
Together with nine experts from practice, we have written a 98-page ePaper on current topics relating to associations. The ePaper contains 5 chapters and 15 topics on important areas relating to the organization, members, funding, sponsors, taxes and more. A lawyer also addresses the issue of data protection. You can read the manual as a free download from the club handbook website.
This article serves as a simple source of information and club planner assumes no liability for the completeness and accuracy of this information. Vereinsplaner and the company behind it do not provide legal advice and information provided in this blog does not replace professional information from a (legal) expert in this area.
If you have any questions about clubs or our associated administration, we, the team behind Vereinsplaner, will gladly be available for you. You can easily contact us in our Help center. We are looking forward to your questions, wishes and suggestions.
