Since May 25, 2018, Non-Profit Organizations (NPOs) are required to comply with the GDPR. GDPR is much more than just accepting cookies on a website. It is an operation we all do every day without paying much attention. Have you appointed a Data Protection Officer (DPO) ? Perhaps this term is unfamiliar to you ? Do you have a record of processing activities ? We can help you comply with this legislation.
Many are unaware, but the General Data Protection Regulation (GDPR), which has been in effect since May 25, 2018, also applies to associations.
Compliance with the GDPR is not just about managing cookies and mailing lists on a website. While some associations may feel somewhat distant from the issue, it turns out that they are all potentially affected.
The GDPR applies to any organization that gathers personal data, which is any information relating to an identified or identifiable natural person, regardless of the medium (thus, the GDPR also applies to paper files).
Non-profit organizations are required to maintain a register of data processing activities (which includes the purpose of processing, types of data collected, data usage, data processors, etc.), retain data only for as long as necessary, and protect the data they hold. Associations are also required to appoint a GDPR officer (a Data Protection Officer or DPO) responsible for overseeing GDPR compliance.
Our CRM already includes a register of processing activities and lists several processing processes. We can also assist you with achieving GDPR compliance.
Once your non-profit organization is GDPR compliant, as part of your membership with La Cité Des Associations, you have access to our expertise in the role of DPO. Therefore, you no longer need to engage an external DPO.