General Data Protection Regulation: First Aid for Companies and Associations - The Immediate Action Package for Germany

General Data Protection Regulation: First Aid What do organisations that hold or process personal data need to know? From 25th May, 2018, the European Union's General Data Protection Regulation, GDPR for short, applies. It creates a completely new basis for all data protection in the European Union. The fines for breaches have been drastically increased. In addition to large enterprises and other types of large scale organisation, small companies or free-lancers, small associations, clubs, societies and non-profit making organisations in many shapes and forms are entrusted with a lot of personal data - be it customer or client data, member data, employee data, or supplier data. Clubs and associations often have documentation that allows deep insights into the personal situation of their members. All organisations which hold or process this type of data are defined as 'controllers' under the GDPR. It is therefore essential for the respective 'controllers' to know the requirements of the GDPR. This publication informs you concisely and clearly regarding the content and the mandatory requirements relating to data processing in the GDPR. In particular it answers the following questions: - Which data is covered by data protection? - Is it necessary to nominate a Data Protection Officer? - Which obligations to provide information must be fulfilled proactively? - What information needs to be included in the records of data processing activities? - When is it permissible to forward data to other persons or organisations? - Which special requirements are there for photographs on your own website? Templates and check lists help you prepare and implement the legal requirements of the General Data Protection Regulation. Numerous examples demonstrate legal pitfalls and how to avoid them. This publication is aimed at owners of small companies, those responsible for data protection within small companies, chairpersons and members of clubs or associations and many other types of non-profit making organisation, as well as anyone else who wishes to gain a quick overview of the requirements of the data protection legislation. About the authors This publication was created by data protection experts. Dr. Eugen Ehmann is Vice-President of Central Franconia (Bavaria) and co-author of Ehmann/Selmayr, Kommentar zur DS-GVO (Commentary on the GDPR). Thomas Kranig is President of the Data Protection Authority of Bavaria for the Private Sector.