Why You Need to Care About GDPR
Every time you collect an email address, a name, home address or phone number, you are obtaining someone’s personal data. If any of those people are citizens of the European Union, you must adhere to the new rules. But don’t stress! We’ll explain the basics and provide some tips to help you transition.
The GDPR was developed to modernize the current EU data protection laws with a stronger focus on an individual’s rights and privacy. While some of the legislation is stricter and the penalties for non-compliance are tougher, the ultimate goal is to improve trust in the digital ecosystem.
To that end, EU citizens will have several new rights to help them take more control of their own data. Here are the most important user rights that apply to local councils:
- Right to be forgotten gives someone the power to ask a company to delete ALL of the data that is associated with that person. If a user makes a request, you must delete all the data stored in your databases and anything else associated with the user.
- Right of access allows your parishioners to ask exactly how you are using their data and for what purposes. If a request is made, you’ll need to provide a personal data report at no cost to them.
- Breach notification is mandatory under the GDPR, which means you have 72 hours from becoming aware of the breach to notify parishioners.
- Right of portability lets people request their data, which means you would need to download a file of all their data in a ‘commonly used and machine-readable format’.
Now that each individual has the power to request or delete their data, you need to think about what data you really need and what data you can live without. The more data you collect, the more documentation and management are required to quickly address a data request.