General Data Protection Regulations
By andymoyle, Friday, November 3rd, 2017 at 8:29 am
On 25th May 2018, all organisations within the EU will have to comply with the new General Data Protection Regulation (GDPR). Surprisingly, that’s a good thing, as our personal data will have to be handled more responsibly and with permission.
If you are not EU based, it’s still common sense so do please read on!
You’ll need a robust GDPR policy – I’ll let you know when I find one!
The church admin plugin, and therefore your website, holds personal data – names, addresses, emails, phone and mobile numbers, children – and you can contact people by email and SMS.
You’ll need to keep records as to how the permission was given.
You’ll need to keep it for only as long as it is operationally needed – delete it when people leave.
You’ll also need to think about what other personal data you keep on paper and online and how secure it is – giving records, gift aid forms and so on.
I need to make some big changes to the plugin to make sure we can be compliant.
Here’s what I’m working on…
A PDF report for a household of what data is stored (people can make a “Subject Access Request” for free from 25th May 2018)
Communication preferences on the register screen (explicit permission for email, SMS, phone and mail)
Two-way Mailchimp synchronisation
A printable PDF form for each household explaining what data is held and confirming permissions, with space for signatures of everyone over 16 in the household. My suggestion is that you get everyone in your church to respond to that and then file it so you are covered!
If you think I’ve missed anything let me know!
That’s quite a lot of work! To help us all comply with the new regulations (call it common-sense practice for non-EU users), would you sponsor some of my time on it? I’ve been working on the Mailchimp sync for 20 hours so far. Here’s the sponsor link.
What you need to do…
1) Make sure you have an SSL certificate on your site – so it is https://your.website
2) Make sure all church admin shortcodes that reveal personal data (mainly the address list) are only viewable on logged-in pages – the best way is to use the “Create User Accounts” button on the People tab and then set your shortcode to loggedin=TRUE
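As an added illustration of step 2 (this is example code, not the church admin plugin’s own shortcode), here is a hypothetical WordPress shortcode, `example_address_list` (a made-up name), that fails closed: it only renders its address list when the viewer is logged in, and it also uses WordPress’s `is_ssl()` so that personal data is never written into a page served without HTTPS, tying in step 1. The `loggedin=TRUE` attribute spelling mirrors the page; the handler name, the HTML markup and the sample households are all constructed for this example.

```php
<?php
/**
 * Added example, not part of the church admin plugin.
 *
 * Usage in a page or post:  [example_address_list loggedin="TRUE"]
 *
 * Design: the default is to REQUIRE login. Only an explicit loggedin="FALSE"
 * opens the list up, so a forgotten attribute never leaks personal data.
 */
function example_address_list_shortcode( $atts ) {
	// Merge user-supplied attributes with fail-closed defaults.
	$atts = shortcode_atts(
		array( 'loggedin' => 'TRUE' ),
		$atts,
		'example_address_list'
	);

	// Anything other than an explicit FALSE means "login required".
	$require_login = ( strtoupper( trim( (string) $atts['loggedin'] ) ) !== 'FALSE' );

	if ( $require_login && ! is_user_logged_in() ) {
		// Send anonymous visitors to the login screen and back to this page.
		$login = esc_url( wp_login_url( get_permalink() ) );
		return '<p>Please <a href="' . $login . '">log in</a> to view the address list.</p>';
	}

	// Step 1 of the post: never emit personal data over plain HTTP.
	if ( ! is_ssl() ) {
		return '<p>The address list is only available over HTTPS.</p>';
	}

	// Constructed sample records standing in for the plugin's household data.
	$households = array(
		array( 'name' => 'Example Household A', 'address' => '1 Sample Street', 'email' => 'a@example.invalid' ),
		array( 'name' => 'Example Household B', 'address' => '2 Sample Street', 'email' => 'b@example.invalid' ),
	);

	// Escape every value on output so stored data cannot inject markup.
	$out = '<ul class="example-address-list">';
	foreach ( $households as $h ) {
		$out .= '<li>'
			. esc_html( $h['name'] ) . ', '
			. esc_html( $h['address'] ) . ', '
			. esc_html( $h['email'] )
			. '</li>';
	}
	$out .= '</ul>';

	return $out;
}
add_shortcode( 'example_address_list', 'example_address_list_shortcode' );
```

Because the default is to require login, a page that simply contains `[example_address_list]` still shows nothing to anonymous visitors; `is_ssl()` only recognises a TLS connection that reaches WordPress itself, so sites behind a TLS-terminating proxy must also set the usual `HTTP_X_FORWARDED_PROTO` handling in `wp-config.php` for that check to pass.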