THE CHARITY AND THE GDPR

A charity is an association that aims to help people in difficulty, whether in the fields of health, education, humanitarian aid, etc.

The charity is aimed at any person or group of people who wish to carry out actions to help and support people in difficulty or for social, humanitarian, environmental causes, etc. The actions carried out can take different forms, such as fundraising, distribution of food, support for people in precarious situations, carrying out sustainable development projects, etc.

Charities can be founded by individuals, religious organizations, businesses, local authorities, neighborhood associations, etc. Members of a charity can be volunteers or employees, depending on the resources available to the association.

The charity is generally an association under the 1901 law. It must comply with the rules of transparency and democratic management specific to associations, as well as the regulations in force regarding fundraising and the distribution of aid. It can also be recognized as being of public utility if it meets certain conditions, which can give it access to tax and financial advantages.

Charities may process different categories of personal data, including:

  • Identification data: surname, first name, address, date of birth, telephone number, email address, etc.;
  • Financial data: information relating to donations made (amount, date, method of payment, etc.), banking information, etc.;
  • Health data: if the association is required to collect health data (for example, as part of vaccination or screening campaigns);
  • Data on community involvement: history of volunteer activities, donations or sponsorships made, etc.;
  • Data on people helped: if the association works with a specific population (people in precarious situations, sick people, people with disabilities, etc.), it can collect data on their social situation, their state of health, etc.

However, this data must be treated with particular care to respect the privacy of the persons concerned.

It is important to emphasize that charities are required to comply with regulations relating to the protection of personal data, in particular the General Data Protection Regulation (GDPR).

Importance of the GDPR for charities

Charities regularly handle sensitive personal data of their beneficiaries, donors, and other stakeholders. This data may include personally identifiable information such as names, addresses, telephone numbers, and email addresses, as well as sensitive data such as medical information or criminal records. The GDPR aims to ensure that this data is handled securely and transparently, thereby protecting the privacy of the individuals concerned.

GDPR principles applicable to charities

Lawfulness, fairness and transparency: Charities must process personal data lawfully, fairly, and transparently. This includes clearly informing individuals about how their data is used and obtaining their explicit consent to process their data.

Purpose limitation: Personal data must be collected for specific, explicit and legitimate purposes, and must not be further processed in a manner incompatible with those purposes.

Data minimization: Charities must ensure that they only collect and process personal data that is strictly necessary to achieve the purposes for which it was collected.

Accuracy: Personal data must be accurate and, where necessary, kept up to date. Charities must take all reasonable steps to ensure that inaccurate data is rectified or deleted.

Storage limitation: Personal data should only be kept for as long as necessary to achieve the purposes for which it was collected.

Integrity and confidentiality: Charities must ensure the security of personal data by implementing appropriate technical and organizational measures to protect data against unauthorized access, modification, disclosure or destruction.

Recommendations to ensure compliance with the GDPR

Appoint a Data Protection Officer (DPO):

Charities must appoint a DPO to oversee and manage GDPR compliance. The DPO will be responsible for implementing data protection policies and procedures, as well as staff training and awareness.

Establish data protection policies and procedures:

Charities must implement clear policies and procedures to ensure the protection of the personal data of their beneficiaries, donors, and other stakeholders. This may include measures such as limiting access to personal data, implementing security procedures for data storage and processing, and regularly training staff on good data protection practices.

Obtain explicit consent:

Charities must obtain explicit consent from their beneficiaries, donors, and other stakeholders for the collection and processing of their personal data. This can be achieved by providing clear information about the purposes of data collection, the third parties who may access the data, and the rights of the individuals concerned.

Ensure the security of data transfers:

Charities must ensure that transfers of personal data outside the EU are carried out in accordance with GDPR requirements. This may include implementing standard contractual clauses approved by the European Commission for international data transfers.

To conclude, the GDPR is a crucial element of protecting the personal data of EU citizens, and charities must ensure they comply with its requirements. By implementing clear data protection policies and procedures, obtaining explicit consent from stakeholders, ensuring the security of data transfers, and appointing a DPO, charities can protect the personal data of their beneficiaries, donors, and other stakeholders and maintain their trust in their activities.
