Publicidad

GDPR compliance can cost your association fines up to €30,000 if not handled correctly. Cannabis associations manage especially sensitive data requiring maximum protection.

GDPR Sanctions for Associations

  • Minor: Not properly informing members — €600 to €3,000
  • Serious: No explicit consent — €3,001 to €10,000
  • Very serious: Unreported security breach — €10,001 to €30,000

Member Rights You Must Guarantee

Publicidad
  • Right to Information — Clear statement of what data you collect and why.
  • Right of Access — Copy of all their data within 30 days.
  • Right of Rectification — Correct incorrect data immediately.
  • Right to Erasure — Delete data when requested (right to be forgotten).
  • Right to Portability — Provide data in exportable format.

Mandatory Documentation

Record of Processing Activities (ROPA), Privacy Policy, Informed Consent forms, Contracts with data processors, Security breach protocol.

⏰ 72-Hour Rule for Breaches

You must notify the AEPD (Spain's data protection authority) within 72 hours of detecting a security breach.

🔒 GDPR Compliant Software

THC Gestión is 100% GDPR compliant: encryption, audit logs, consent management and automated rights processing.

Protect Your Association Today