Skip to content
Tietosuoja haltuun harrastustoiminnassa -hankkeen logo, jossa on tietosuojalainsäädäntöön ja lapsiin liittyvä kirjainlyhenne GDPR4CHLDRN. Tietosuoja haltuun harrastustoiminnassa -hankkeen logo, jossa on tietosuojalainsäädäntöön ja lapsiin liittyvä kirjainlyhenne GDPR4CHLDRN.
Search
  • English
    • Suomi
    • Svenska
    • English
  • Front page
  • Guiding materials
    • Board of the association
    • Coaches and instructors
    • Parents
    • Children and young people
  • Material bank
    • Term bank
    • Quizzes
    • Downloadable materials
    • Data protection icons 
    • Articles
  • Information on the site
  • English
    • Suomi
    • Svenska
    • English
  • Front page
  • Guiding materials
    • Board of the association
    • Coaches and instructors
    • Parents
    • Children and young people
  • Material bank
    • Term bank
    • Quizzes
    • Downloadable materials
    • Data protection icons 
    • Articles
  • Information on the site
Search
  1. Front page
  2. Board of the association
  3. Starting page
Skip to page content

Board of the association

  • Starting page
  • Why is the protection of personal data important?
    • 1. Privacy is a fundamental right
    • 2. Sensitive personal data requires particularly careful protection
    • 3. Personal identity codes may only be processed if necessary
  • What roles are involved in processing?
    • 1. The controller is responsible for the processing of personal data
    • 2. A processor acts on behalf of the controller
  • What principles must be observed in the processing of personal data?
    • 1. Take data protection into account from the start and in all circumstances
    • 2. Processing requires a basis
      • 2.1 Legal bases for processing personal data
      • 2.2 Consent requires an indication of the participant's wishes
      • 2.3 Consent from minors
    • 3. Only use personal data for the planned purposes
    • 4. Inform data subjects transparently of the processing of personal data
    • 5. Only process necessary personal data
    • 6. Only process accurate personal data and rectify inaccurate data
    • 7. Ensure the security of processing
    • 8. Define storage periods for personal data and erase unnecessary data
      • 8.1. Storage period
      • 8.2. Storage location
      • 8.3 Erasure 
    • 9. Demonstrate compliance with data protection legislation
  • What obligations does a hobby organiser have in the processing of personal data?
    • 1. Fulfil the participants' data protection rights
    • 2. Describe the hobby organiser's processing of personal data with a record of processing activities
    • 3. Agree on processing
    • 4. Assess the risks and impact of processing
    • 5. Report personal data breaches
    • 6. Only transfer personal data out of the EU if the conditions are met
    • 7. Give people involved in the hobby instructions and training in data protection
    • 8. Manage the life cycle of personal data from planning to collection, storage and erasure
  • What should you take into account when publishing photos and videos?
  • What should you take into account when processing health data in hobby activities?
  • What should you take into account when disclosing personal data in hobby activities? 
  • Annex 1: Consent form - template
  • Annex 2: Comics to inform about data protection

Information for the board of the association

Privacy is a fundamental right. Children, young people and their parents must be able to feel secure that their personal data in hobby activities is being processed according to law.

Guide for the board of the association

This page contains guidelines especially designed for people in administrative roles in associations. The guidelines help with fulfilling the association’s statutory data protection obligations in its everyday activities. The guides include illustrative examples, and essential information is summarised and highlighted in info boxes.

You can browse the guide from the table of contents on this page. You can also download the guide in PDF form by clicking on the link below.

Browse the guide
Downloadable file
Download guide (.pdf)

Data protection icons

In the guide, you will find icons shown below. They provide information on data protection in a visual form. Associations are free to use these icons, for example, in their own communications.

Read more about the icons
The icon features a person holding a flag with a closed padlock on it. The icon is surrounded by a light green frame. The icon is used to indicate that the situation involves the processing of personal data subject to data protection legislation.
The icon features an open palm holding a rectangle, which represents personal data, with a symbol depicting a person in the centre. The icon is surrounded by a light green frame. This icon can be used to express that the situation involves the controller's obligations related to the processing of personal data.
The icon features a rectangle representing personal data, with a plus sign in the bottom right corner. The icon is surrounded by a light green frame. The icon can be used to indicate that the instructions concern the processing of personal data concerning the data subject.
The icon features a child holding a balloon. On the right-hand side of the child, there is a rectangle representing information and a magnifying glass. The icon is surrounded by a light green frame. The icon can be used to show that the personal data being processed or instructions that relate to processing of data concern children.
The icon features a rectangle depicting information. There is an eye crossed over with a line on the bottom right corner of the rectangle. The icon is surrounded by a light green frame. The icon can be used to indicate the processing of special categories of personal data or instructions for such processing.
The icon features a closed padlock with a symbol depicting a person in the middle. The shackle of the padlock is broken. The icon is surrounded by a light green frame. This icon can be used to express that the situation involves a personal data breach.

Test your knowledge on data protection

You can test your basic knowledge of data protection with a short quiz that supports learning. After taking the quiz, you will receive a report telling you how well you did. If necessary, the report will refer you to additional information in the parts of the guide that will benefit you the most.

Board of the association

Test your knowledge

Guidance for coaches and instructors

This site also includes guidelines and a quiz for coaches and instructors. You can, for example, ask your association’s coaches and instructors to become familiar with the materials designed for them and direct them in taking the quiz.

View the materials for coaches and instructors

Articles for associations

Articles and blog posts are supporting texts for the guides on the website.

Associations

Data protection is a fundamental right for minors – what does it mean?

Everyone, regardless of age, has the right to the protection of personal data concerning him or her and everyone has the right to their own personal data. Minors can exercise their data protection rights themselves, but their custodians may also have the right to exercise these rights on behalf of their child. In this article, we tell you when a custodian is permitted to exercise data protection rights on behalf of their child and when this is not possible. What does the controller have to consider before disclosing a minor’s personal data to their custodian?

Read more
Associations

Processing children’s health data in hobby activities

Based on the initial survey of the GDPR4CHLDRN – ensuring data protection in hobbies project, people have questions about the processing of children’s health data, especially data on allergies, in hobby activities. This article is meant to provide some guidelines for the appropriate processing of children’s health data in hobby activities.

Read more
Associations

Is your association storing unnecessary data on its members?

Many kinds of personal data, such as names, personal identity codes, addresses, allergy information, bank account numbers, dates of birth, photographs and videos are processed in hobby activities. Personal data cannot usually be stored indefinitely. Instead, a specific storage period must be defined for them, and the data must be erased when that period has elapsed. As a rule, personal data may only be stored for as long as necessary. Read the article for tips on the storage of personal data.

Read more
Why is the protection of personal data important?
The logo of the Office of the Data Protection Ombudsman.
The logo of TIEKE Finnish Information Society Development Centre.

The European Union flag, with the text "Funded by the European Union" on its right-hand side.

Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Commission. Neither the European Union nor the granting authority can be held responsible for them.

Information on the website

The site contains material that provide information on data protection legislation and the protection of personal data, especially for children and young people aged 13–17, their parents, and associations that organise hobby activities. The website has been developed in the GDPR4CHLDRN – Ensuring data protection in hobbies project (2022–2024) implemented by the Office of the Data Protection Ombudsman and TIEKE.

Feedback about the site can be given by e-mail to the address tietosuoja@om.fi. In the message field, you must mention tietosuojaharrastuksissa.fi, so that the feedback is directed to the correct address.

  • Data protection on the website
  • Accessibility statement
Guiding materials
  • Board of the association
  • Coaches and instructors
  • Parents
  • Children and young people

© 2024 Office of the Data Protection Ombudsman and TIEKE. The site uses free Font Awesome icons. The icons have not been changed. License: CC BY 4.0

Touched by Hutcode