Friendly societies, too, are considered organisations within the meaning of the GDPR, so they also have to comply with the legal regulations. The GDPR does not differentiate between personal data processed by organisations and personal data processed by associations. Friendly societies have to implement the same measures as profit-oriented organisations; no economic differentiation is made here.
Without suitable tools, implementing the GDPR takes associations a great deal of effort. The required risk analysis and the creation of the Record of Processing Activities alone can take many hours or days if the right tools are not available.
The GDPR also requires that personal data be optimally protected against unauthorised access (“state of the art”). For associations, this means that technical and organisational measures have to be implemented.
Technical measures can be:
- Storing and transferring the list of members (e.g. via email) only in encrypted form.
- Assigning access privileges for sensitive data.
- Protecting computers with endpoint protection and firewalls.
Organisational measures can be:
- Printed membership lists are stored in a lockable filing cabinet.
- The association office has an alarm system.
- Members' data is managed only by certain persons.
With easyGDPR, we have the optimal solution for associations to implement the GDPR cost-effectively. We divide the process into three elements for you: GDPR status, measures and documentation.
In the first step, easyGDPR determines the current data protection status of your organisation. Our online tool asks you specifically for the necessary information, and you can answer these questions at the click of a mouse.
You receive your result immediately after finishing the questionnaires. The summary shows you in which areas your association already fulfils the GDPR and in which areas further measures are necessary. easyGDPR also suggests technical and organisational measures to fulfil the GDPR requirements.
The necessary measures are separated into organisational and technical measures. The GDPR status gives you an overview of which measures are required. We can assist you with the implementation; you can find more information at easyGDPR consulting.
Without the right tool, the mandatory data protection documentation can be a protracted and complex matter. With easyGDPR you can greatly simplify and shorten this effort. Thanks to many templates, most of the processing steps are already filled out and only have to be slightly adjusted. This multi-page documentation can be created in a short space of time, and afterwards you can also print it out.
Additionally, you have to document which personal data is transferred to service providers (organisations or associations). Such processes exist in almost every association, for example the transfer of:
- Lists of members to parcel services for the delivery of parcels and letters (annual report, payment of contributions, invitations to the Christmas celebration)
- Email addresses to providers like MailChimp, RapidMail, etc. for sending out newsletters
Every transfer of personal data to other organisations or associations (so-called data processors) not only has to be documented but also has to be contractually agreed. If you do not fulfil these regulations, the data transfer is illegal and high penalties can be imposed. With easyGDPR you can implement these required measures quickly and automatically. Your register of data processors (Version Lite) and the necessary contracts (Version Standard) are automatically generated and can be printed out at any time.
Advantages of easyGDPR Lite
- Cost-effective solution
- GDPR Quick Check for an immediate overview
- Documentation of the data processors
- Create the required GDPR documentation via generator
- Suitable for associations