Between now and 25th May 2018 - and beyond - we are fully focused on enhancing ChurchDesk to enable easier compliance for churches. With this article we want to highlight the initiatives that ChurchDesk is taking to help you become GDPR compliant.
On 25th May 2018, the EU’s General Data Protection Regulation (GDPR) comes into force, putting far greater pressure on churches to manage, protect and dispose of citizens’ personal data in an appropriate manner.
At ChurchDesk we see GDPR as a great opportunity to clean up data collected over the years and gather it all in one place. With ChurchDesk People you can store all of your contact data in a secure system and ensure that only those with the right permission have access to it. ChurchDesk Forms allows people to submit and update their data through a secure channel, ensuring that the data is correct and that only those with the right permission have access to their data.
A key principle of GDPR is to make it easy for a person to decide what they want to receive from you in terms of communication. In principle this makes total sense! Why send something to people that they do not want to hear about?
We’re introducing a consent solution that will help you collect consent easily through ChurchDesk Forms, with the consent stored automatically in ChurchDesk People.
Knowing the people who wish to be contacted and what they want to hear about will allow you to personalise your communication and ensure that more people open and read your emails more frequently.
Our Consent functionality tracks how you received the consent, the IP address of the consent giver and the timestamp of the consent. The functionality is also useful for Photo consent.
We’re making it easy for you to offer double opt-in on your forms. This is a way to ask a person to confirm their consent. This is also useful if you need to refresh consent previously given, i.e. if your required consent has changed or is poorly documented.
Data Security Page
Like all organisations, the church is obliged to inform and document how they’re processing data, who’s responsible for keeping it safe, how long data is stored, etc. To make this documentation easy to find, organisations are recommended to include a link to it on all forms where data is collected.
As an improvement we will help you define the data security page under Settings. By doing that ChurchDesk will automatically insert the link on all forms, payment pages, your website, etc.
Access and permission control
Today, you can decide who should have access to ChurchDesk People, which gives you built-in access control for personal data. However, we are now adding another level of permission to ensure that more users can carry out work in ChurchDesk People without compromising sensitive or even special category data.
Organisation administrators will soon be able to specify sensitive fields in ChurchDesk People. Marking a field as ‘sensitive’ ensures that only users with the dedicated permission ‘view sensitive information’ in ChurchDesk People can access those fields. This will enable you to have some users access People to send out communication without having access to view personal data such as medical notes, dietary requirements and allergies.
See and export contact data
GDPR gives people the basic right to access their data and to receive it in an electronic format (also called data portability). Today, you can already request access to a user’s or contact’s data in an electronic format by writing to us at firstname.lastname@example.org.
To make this easier and smarter we are introducing a way for you to easily download all data within ChurchDesk on a specific contact. By clicking this button we will collect all data automatically and make it available for download right away.
Should you get any requests before this deadline then please just reach out to us. We’re happy to help with an export.
We appreciate the questions we’ve already received from many of you, and have answered some of the most frequent questions below.
When is the data processing agreement available?
As a church you need a data processing agreement with all software providers you use to handle personal data.
The data processing agreement is available from within ChurchDesk and is free of charge.
How do we sign the data processing agreement?
With GDPR we are introducing a legal section within the ChurchDesk application where all Organisation Administrators can access, review and sign required legal documents, including the data processing agreement. The legal documents are already available from within ChurchDesk and they are free of charge.
Will ChurchDesk provide any material that can help us get compliant?
We’ve already published comprehensive material on GDPR, including a free guide with background information, examples and practical advice. We’ve also held webinars on how to be GDPR compliant in your church. They are recorded and available online. As we’re delivering the GDPR features mentioned above, we’ll also be writing related support articles that explain how to get compliant using these features.
Will ChurchDesk be able to comply with the right to be forgotten?
Yes! Already today you can request that contacts and users be fully deleted from ChurchDesk and related backups. To avoid accidental deletes, simply make the request by email to email@example.com.
Need help or advice?
We are here to help you get ready for 25th May 2018 and make sure your church successfully implements the requirements of GDPR.
If you haven't already started on the implementation, we strongly recommend that you get started, as it has several aspects, and we only want you to be able to continue in your mission and run your church smoothly. We are available if you have any questions. Just send us an e-mail at firstname.lastname@example.org or give us a call at 020 3808 5097.