Non-profit associations are also considered organizations within the meaning of the GDPR. Therefore, they are also obliged to comply with the legal requirements. In this context, the General Data Protection Regulation does not distinguish whether personal data is processed by companies or associations. Therefore, the same measures must be implemented for non-profit organizations as for profit-oriented companies. Thus, an economic distinction does not take place.
The effort to implement the GDPR is very high for associations without suitable tools. The required risk analysis alone, as well as the creation of the processing directory, can take many hours to days if appropriate tools are not available.
Furthermore, the GDPR requires that personal data be protected against unauthorized access in the best possible way (“state of the art“). For associations, this means that technical and organizational measures must be implemented.
Technical measures include:
- Store and transmit member lists only in encrypted form (e.g. by e-mail).
- Assignment of access rights for sensitive files.
- Protection of computers using endpoint protection and firewalls.
Organizational measures include:
- Printed membership lists are stored in lockable filing cabinets.
- The clubhouse has an alarm system.
- Member data is managed only by specific individuals.
With easyGDPR Lite, we have the optimal solution so that associations can also implement the DSGVO cost-effectively. We divide the process for you into three components: DSGVO status, measures and documentation
In the first step of easyGDPR, the current data protection status in your company is queried. Our online tool asks specifically for the necessary information, you can answer these questions with a click of the mouse.
You will be presented with the result immediately after completing the test. The summary shows you in which areas your association already complies with the GDPR and in which areas further measures are required. In addition, you will also receive suggestions for technical and organizational measures to meet the requirements of the GDPR.
The necessary measures can be divided into organizational and technical measures. The DSGVO status gives you an overview of which measures are required. We can support you in the implementation, more information is available under easyGDPR consulting.
Mandatory data protection documentation is a lengthy and complex matter without the right tools. With easyGDPR, this effort can be greatly simplified and shortened. Thanks to various templates, most processing steps have already been recorded and only need to be minimally adjusted. You can create this multi-page documentation in a short time and then print it out.
Furthermore, you must document which personal data is passed on to service providers (companies or other associations). In almost every association there are such processes, for example the passing on of
- Member lists to parcel services or the post office for the delivery of parcel and letter mail (annual report, subscription notice, invitation to the Christmas party)
- Email addresses to providers such as Mailchimp, Rapidmail, etc. for newsletter distribution.
Any transfer of personal data to other companies or associations (so-called order processors) is not only subject to documentation (in the so-called order processor directory), but must also be contractually agreed. If these points are not met, the data transfer is illegal and high fines may be imposed. With easyGDPR, you can implement these required measures quickly and automatically. The order processor directory (from version Lite) and the necessary contracts (from version Standard) are generated automatically and can be printed out by you at any time.
Advantages easyGDPR Lite
- Most cost effective solution
- DSGVO quick status for instant overview
- Processor documentation
- Required DSGVO documentation can be created via generator
- Suitable for clubs
- Buy now in easyGDPR Shop
Contact us for more information
Let’s solve your data protection problems together
Use our contact form or call us at +43 2262 / 67 20 40