A bureaucratic spectre from brussels is currently also frightening volunteers in association work – the basic data protection regulation. The new directive of the european union comes into force on the 25. May in force and is intended above all to better protect personal data. Volunteers in associations must also be more careful with data in the future.
New basic data protection regulation: rights for customers and consumers are strengthened
"there are certainly also one or two associations that are taking this opportunity to look a little more closely at data protection requirements for the first time ever.", says alexander filip. However, the spokesman for the bavarian state office for data protection supervision does not see any reason for concern or even panic.
The wurzburg chess club has already informed itself about the changes. "In the future, we want to disclose in the articles of association what data is collected from members", says the chairman werner lang. He takes issue with the fact that even small associations are burdened with additional bureaucracy, while global corporations have their own legal departments for data protection. The chess club currently has 76 members. Since only three members of the executive board process personal data, there is no need to elect a data protection officer, according to the chairman of the board.
Data protection officer wanted
According to information from the bavarian state office for data protection supervision, a data protection officer only has to be appointed if at least ten people regularly process personal data. This is currently creating a lot of additional work for raimund schafer. He is the managing director of the wurzburg gymnastics club and must implement the new regulations.
Since the association is divided into twelve departments, a correspondingly large number of department heads also have access to data. "The search for a data protection officer is proving difficult. It's an honorary position that doesn't come with a lot of emotions", says schafer. Nevertheless, he is confident that he will be able to reach the 25. May find someone outside the board of directors to take over the position.
In another matter, however, the managing director is less optimistic. Until now, members' birthdays were published in the club's own magazine. "In the future, we won't be able to do this bureaucratic work anymore, says raimund schafer. Because for this a permission must be caught up from each member beforehand.
Caution with photos
Photos of events, such as sports competitions or club festivals, can be published without the consent of the persons concerned. "It is different with minors, because they are particularly vulnerable. If minors are involved, publication is therefore only permitted with their consent", filip clarifies.
Whenever personal data is processed, clubs must document the activity in the future to protect the personal data. If, for example, the photo of an award ceremony is to be published on the website of the sports club, a directory must be created. Among other things, this must show who uploaded the image and on what date, what purpose the publication serves, and when it is expected to be deleted. But also in the case of payroll accounting, the administration of contributions and the joining or leaving of members, the so-called "processing activities" must be carried out by a member of the association be documented, according to the state office.
Update virus scanner
Technical measures are also required to protect the personal data. For example, it must be ensured that only authorized persons can access the data and that the computers are protected with passwords. In addition, operating systems and virus scanners must be constantly updated.