GDPR will complicate the life of chairmen of housing cooperatives and SVJs

JUDr. Ondřej Preuss, Ph.D.
4. April 2018
3 minutes of reading
3 minutes of reading
HOA and housing cooperatives

The new Data Protection Regulation came into force on 25 May 2018. The revolution in this area was more than necessary, but it is already giving many data controllers and processors a hard time.

The regulation will also affect the activities of members of the committees of the community of unit owners (SVJ) and members of the boards of directors of housing cooperatives (BD). In particular, the Regulation brings a number of rights to individuals whose personal data is collected and stored.

Specifically, these include the right of access to personal data, the right to rectification of inaccurate data, the right to erasure when the legal ground for processing personal data no longer exists (the so-called “right to be forgotten”) or the right to object to the processing of personal data. All this should have a regulated procedure and system. Otherwise, there is a risk of fines!

Unlike some businesses, cooperatives and homeowners associations can still use their contact databases, but they need to be properly secured. Perhaps the biggest problem for entrepreneurs is that they will often not be able to use their laboriously compiled contact databases because the consent they previously received for such use will not stand under the new regulations.

This is not a concern for cooperatives or owners’ associations. SVUs and BDs also create such databases, but they usually do not need consent because the obligation to create the lists is imposed by law. Specifically, it concerns keeping a list of members and tenants, a register of debtors, etc.

All data should be stored by the administrator in a secure environment, on a secure server.

Are you solving a similar problem?

GDPR audit for businesses

Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.

I want to help

  • When you order, you know what you will get and how much it will cost.
  • We handle everything online or in person at one of our 5 offices.
  • We handle 8 out of 10 requests within 2 working days.
  • We have specialists for every field of law.

Watch out for the CCTV system in the house

However, not all activities of HOAs and cooperatives that involve the processing of personal data fall under the relevant exemption. For example, this is the situation where a CCTV system is installed in the house. This has always been a stormy topic. Under the GDPR, in order to use a CCTV system in certain cases, the controller must not only obtain consent to process the personal data of those concerned, but must also be able to provide evidence of the consent.

In practice, this means that consent must be explicit and independent. You cannot just tick off some general conditions. Often, however, a well-argued so-called “legitimate interest” of the controller will suffice instead of consent.

The contract with the external processor should be carefully handled

This emphasis on demonstrating consent also applies to the general principles of invasion of privacy. It is therefore advisable to have specific rules in the house which state how the CCTV system is handled and to demonstrably comply with these rules (e.g. not to store very old recordings and not to use them for personal interests).

The regulation of the involvement of an external processor is also stricter. This is most often an administration company, but it can also be a security agency, for example. The contract between this “outsourcer” and the JUA or BD must contain many specific requirements and guarantees (e.g. on technical and organisational safeguards for the protection of personal data).

The Data Protection Authority informs about the latest developments

It is now premature to evaluate the new regulation and its functioning, but it is certain that it will bring a lot of work. The Data Protection Authority also regularly informs about the obligations under the GDPR on its website.

Sdílejte článek


Are you solving a similar problem?

GDPR audit for businesses

Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.

I want to help

Author of the article

JUDr. Ondřej Preuss, Ph.D.

Ondřej is the attorney who came up with the idea of providing legal services online. He's been earning his living through legal services for more than 10 years. He especially likes to help clients who may have given up hope in solving their legal issues at work, for example with real estate transfers or copyright licenses.

Education
  • Law, Ph.D, Pf UK in Prague
  • Law, L’université Nancy-II, Nancy
  • Law, Master’s degree (Mgr.), Pf UK in Prague
  • International Territorial Studies (Bc.), FSV UK in Prague

You could also be interested in

We can also solve your legal problem

In person and online. Just choose the appropriate service or opt for an independent consultation when you are unsure.

Google reviews
4.9
Facebook reviews
5.0
5 200+ people follow our Facebook
140+ people follow our X account (Twitter)
140+ people follow our LinkedIn
 
We can discuss your problem online and in person

You can find us in 4 regional towns

Quick contacts

+420 775 420 436
(Mo–Fri: 8–18)
We regularly comment on events and news for the media