The new Data Protection Regulation came into force on 25 May 2018. The revolution in this area was more than necessary, but it is already giving many data controllers and processors a hard time.
The new Data Protection Regulation came into force on 25 May 2018. The revolution in this area was more than necessary, but it is already giving many data controllers and processors a hard time.
The regulation will also affect the activities of members of the committees of the community of unit owners (SVJ) and members of the boards of directors of housing cooperatives (BD). In particular, the Regulation brings a number of rights to individuals whose personal data is collected and stored.
Specifically, these include the right of access to personal data, the right to rectification of inaccurate data, the right to erasure when the legal ground for processing personal data no longer exists (the so-called “right to be forgotten”) or the right to object to the processing of personal data. All this should have a regulated procedure and system. Otherwise, there is a risk of fines!
Unlike some businesses, cooperatives and homeowners associations can still use their contact databases, but they need to be properly secured. Perhaps the biggest problem for entrepreneurs is that they will often not be able to use their laboriously compiled contact databases because the consent they previously received for such use will not stand under the new regulations.
This is not a concern for cooperatives or owners’ associations. SVUs and BDs also create such databases, but they usually do not need consent because the obligation to create the lists is imposed by law. Specifically, it concerns keeping a list of members and tenants, a register of debtors, etc.
All data should be stored by the administrator in a secure environment, on a secure server.
Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.
However, not all activities of HOAs and cooperatives that involve the processing of personal data fall under the relevant exemption. For example, this is the situation where a CCTV system is installed in the house. This has always been a stormy topic. Under the GDPR, in order to use a CCTV system in certain cases, the controller must not only obtain consent to process the personal data of those concerned, but must also be able to provide evidence of the consent.
In practice, this means that consent must be explicit and independent. You cannot just tick off some general conditions. Often, however, a well-argued so-called “legitimate interest” of the controller will suffice instead of consent.
This emphasis on demonstrating consent also applies to the general principles of invasion of privacy. It is therefore advisable to have specific rules in the house which state how the CCTV system is handled and to demonstrably comply with these rules (e.g. not to store very old recordings and not to use them for personal interests).
The regulation of the involvement of an external processor is also stricter. This is most often an administration company, but it can also be a security agency, for example. The contract between this “outsourcer” and the JUA or BD must contain many specific requirements and guarantees (e.g. on technical and organisational safeguards for the protection of personal data).
It is now premature to evaluate the new regulation and its functioning, but it is certain that it will bring a lot of work. The Data Protection Authority also regularly informs about the obligations under the GDPR on its website.
Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.
Ondřej is the attorney who came up with the idea of providing legal services online. He's been earning his living through legal services for more than 10 years. He especially likes to help clients who may have given up hope in solving their legal issues at work, for example with real estate transfers or copyright licenses.
In person and online. Just choose the appropriate service or opt for an independent consultation when you are unsure.
