This page contains all material that AYY has gathered to assist associations in the intricacies of the new EU General Data Protection Regulation (GDPR). The regulation comes into effect on the 25th of May 2018, when the practices concerning personal data should be in order and documented.
The materials for the training held on the 9th of April in Otaniemi: https://inside.ayy.fi/display/TIET/General+Data+Protection (requires you to log in using your Aalto University username and password).
Sample documents for associations:
The above website also contains example documents for the privacy statements and the data protection policy for associations, frequently asked questions and general information on the subject. N.B! The documents are there only to act as models, and they should be edited to fit each association specifically.
An important thing to consider is that in about a month, on the 25th of May, each association should have the required documents on data protection and other issues in order with the regulation requirements. The least an association needs are a data protection policy and a privacy statement for all different registers, for example a member register and event signup registers. If an association has other registers, they all need their own privacy statement. To draft the documents, you should prepare answers for the following issues in advance:
1. Find out what personal information data your association has. Where and why? (contents and retention period of data)
2. Ensure the safe keeping of the data and that it is up to date and remove redundant information.
3. Who is in charge of GDPR, and who should know about it? Who are handling data? Decide roles and the division of responsibilities in your association and ensure continuity.
4. Draft the documentation: Privacy statements and instructions for the people handling personal data.
5. Plan how you will act and communicate in case something goes wrong.
If you have any questions on GDPR, you can contact the AYY ICT specialist Petteri Nummela at petteri.nummela(at)ayy.fi.