Report on the implementation of data protection law recommendations at BIO Deutschland
The EU General Data Protection Regulation (GDPR) also requires a trade association like BIO Deutschland to develop policies for collecting, processing and storing personal data (e.g. names, addresses, dates of birth, email addresses). We therefore set up a data protection team at our headquarters to review the association’s data processing activities in various areas, including core processes, IT, finance, purchasing, marketing and human resources. After an auditing procedure, BIO Deutschland’s data protection officer made recommendations for action for improving data protection in the respective areas. The association’s data protection team has set out measures to implement these recommendations, such as developing a handbook that makes BIO Deutschland’s data processing practices transparent. In addition to information on the hard- and software used, the handbook will make clear what processes will be put in place to secure and restore data in the event of business disruption. It will also include a list of the responsible staff members and their contact details.