Evidence proving compliance with the GDPR2
All websites operated by Kulturserver itself contain DSGVO-compliant data protection notices. Furthermore, all documents required for compliance with the GDPR (directory of processing activities, process manual, documentation of GDPR-relevant activities) have been prepared and a data protection officer has been appointed. Information relevant to partner projects is provided to the responsible persons personally, general information is provided via the CultureBase support page. Order processing contracts are concluded with all partners.
Data protection impact assessment (risk analysis)3
A data protection impact assessment is only mandatory if "a form of processing, in particular where new technologies are used, is likely to result in a high risk to the rights and freedoms of natural persons by virtue of the nature, scope, context and purposes of the processing" (GDPR, Article 35). This is not the case with the data available in the CultureBase database, therefore Kulturserver does not need to carry out a DSFA.