Practical guide to data protection (GDPR)

Monday, March 22, 2021

Jan Trnka, Polaris-Team

Data protection refers to member data or personal data of other persons involved such as guests or the speakers.

Protection of member data

The following principles must be observed:

  1. Each person must have their own credentials (user name + password). Credentials may not be shared with other persons.
  2. The term "personal data" includes all data of the person, i.e. name, first name, date of birth, address, e-mail, telephone no. profession, company, place of work, partner name, etc.
  3. Publication of personal data outside Rotary or Rotaract is only allowed with the explicit consent of the person. It must be stated which data will be passed on to whom and for what purpose.
Practical examples:
  • An assistant to the club secretary can be registered as "Other contact" in the club, have his/her own credentials and can have corresponding administration rights.
  •  A widow can be registered as an "Other Contact" in the club, have her own access and thus participate in club life.
  • The restaurant can be registered as an "Other Contact" in the Club, have its own access and receive the registration / cancellation notifications for the lunch with the corresponding menu selection by e-mail or check the registrations on the event web page.
  • The distribution of the member list within the club for internal purposes of the club, is possible without the consent of the members. The same applies to the District.
  • The disclosure of member data to a non-Rotarian organisation or to a company (also to a member's company) is only permitted with the express consent of the members.

Protection of other personal data

Such persons are guests and speakers who participate in Rotary events. The following principles must be observed:

  1. The publication of guest and speaker data outside Rotary (i.e. in public) is only permitted with the explicit consent of the person. It must be stated which data will be passed on to whom and for what purpose.
  2. The term "personal data" includes all data of the person, i.e. surname, first name, date of birth, address, e-mail, telephone no., occupation, employer, place of work, function, etc.
Practical examples:
  • A club lecture by Dr. Hans Mustermann from the University of Basel on the topic of "Drug research without animal testing" may only be published publicly with Dr. Mustermann's consent. It must be clear which information is published where.
  • A club lecture by Dr. Hans Mustermann from the University of Basel on the topic of "Drug research without animal testing" can without his consent only be announced to Rotarians and Rotaractors . I.e. Accessible on Web after login, with release for at most "All members (all units)".
  • A district event such as PETS, district conference, seminar, etc. shall be visible only to Rotarians and Rotaractors, i.e. after login, with a visibility to at most "All members (all units)".
  • A Rotary benefit concert or golf tournament may be published publicly. Consent should be sought from performers and/or organisers who are mentioned by name.

The visibility "Board members (own unit)" and "Board and Committee members (own unit)" are for internal club regulation regarding confidentiality and have nothing to do with data protection. These are the following recommendations:

  • An event in which only club members can participate should only be visible to club members.

  • An event that only board and committee members can attend may be visible for all members of the club or only to the board and committee members depending on club constitution. RI recommends to make board protocols accessible for the club members.

Visibility levels

Definition of the visibility levels

  • Board members (own unit) => visible only after login, only board members (FE) or Content Administrators (BE)
  • Board and committee members (own unit) => visible only after login, only board and committee members (FE) or Content Administrators (BE)
  • All members (own unit) => visible only after login, only club members (FE) or Content Administrators (BE)
  • All members (own district) => visible only after login, only Rotarians + Rotaracters of the own district
  • All members (own multidistrict) => visible only after login, only Rotarians + Rotaracters in the same multi-district (CH&FL, resp. France, resp. Belux, etc...)
  • All members (all units) => visible only after login, only Rotarians + Rotaracters + members of special clubs and committees in CH & FL resp. France, resp. Belux, etc...)
  • Public teaser => first 3 lines visible without login, the rest only after login, only Rotarians + Rotaracters + members of special clubs and committees in CH & FL
  • Public => visible without login