3. Personal identity codes may only be processed if necessary
Personal identity codes may not be processed unnecessarily, so every hobby organiser needs to make sure that they have a basis for processing personal identity codes. The personal identity code is only used for identifying people and may not be used in training attendance lists or as a username, for example.
Processing personal identity codes in hobby activities can be justified if there is a need to identify individuals reliably and the identification cannot be achieved by other means. It is often possible to distinguish between individuals based on their dates or years of birth alone, in which case it is not necessary to process the complete personal identity code. The collection of personal data should always be minimised.
If you do decide to process personal identity codes, you need to know the purpose of the processing and whether it is permitted by law. Personal identity codes may only be processed with the data subject’s consent or if the processing is provided for by law. The hobby organiser must assess the processing of personal identity codes on a case-by-case basis. It must also make sure that people who do not have the right to process personal identity codes do not have access to them and cannot see them by accident. If personal identity codes are being processed, the data file must be secured effectively. Personal identity codes must not be entered on documents printed out or drawn up on the basis of the data file unless necessary.
