Is your church GDPR Compliant?
The relationship between websites and the information they collect about the people who use them is changing on May 25th, 2018. In this article I talk about why GDPR matters to your church or organization, explain what it is, and give you step-by-step instructions to make your church compliant.
Before I launch fully into this post, it is important for me to say that what follows does not constitute legal advice. While I have researched the law extensively and understand what steps you need to take to remain compliant, I am not a GDPR Compliance Officer.
Failure to comply with GDPR can result in a fine of 4% of global revenue or 20 million euros, whichever is greater. GDPR applies to all websites which may be visited by a European – regardless of whether the visiting European is physically in Europe.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a set of laws enacted by the European Union that come into effect on May 25th, 2018. From a certain angle, data compliance law is pretty boring stuff. From another angle, it matters on almost every level. After all, in a post-Cambridge Analytica world, it is all too evident that aggregate information about all of us is powerful enough to influence politics and culture at every level.
Since pretty much the beginning of the internet, people who browse on any website leave behind them what I’ll refer to as a digital trail of bread crumbs. Websites have been picking up these ‘digital crumbs’ that are the result of people using their sites since day one, and analyzing them. Since its beginning, Facebook figured out how to use these digital crumbs to customize almost every ad you see there. Google does the same thing.
Websites own the digital crumbs that you leave behind. This has always been the case. GDPR changes that equation and gives the legal right of ownership to the one who created the trail of digital crumbs, and takes it away from the site on which it was left. So, in a nutshell, that is what GDPR is – it is a transfer of ownership of the data that is left behind by users of the internet when they use the internet.
This transfer of ownership applies, as well, to all information users intentionally give away while viewing the internet, like email address, name, contact info, address – anything you would include in any contact form. In fact, it also means that if you fill out a contact form for, say, a free download, that does not subscribe you to an email list. The website owner is strictly only allowed to use your email to contact you for the express written purpose for which you gave your email.
Why does it matter for churches?
GDPR forces the issue and ensures that we do, in fact, maintain best practices. If we don’t, we are at risk of being fined. Will the EU actually fine thousands of websites the day after this goes into effect? Probably not. But could they? Absolutely. Larger organizations (like a Seminary or a Diocese or an Initiative) are at greater risk since the odds are greater that they could, quite by accident, obtain, analyze, and store the data of European citizens.
However, there is also a theological implication here. One of the significant ways you demonstrate to the world that you are capable of being trusted is by being GDPR compliant. Seeing the difficulty and choosing inaction communicates a message that we can ill afford. One of the ways that we fulfill our calling to be light in the world is by being viewed as worthy of trust. GDPR compliance, for all its technical tedium, goes a long way in increasing our visibility.
What can/should I do about it for my website?
This is a good question to ask! So far, we have discussed what GDPR is, and why GDPR matters to your church and your church’s website. The rest of the article will give you a checklist of items you need to accomplish in order to make sure your website is as close to GDPR compliant as it can be. The following 8 elements are crucial to GDPR compliance. If you have any questions about them, I would be happy to consult with you and help you through the process.
Internal to the website
I hope this article helped to explain what GDPR is, why it matters to your church, and what you can do about it. As you can see, GDPR compliance is not a thing you do and then forget about. Rather, it is an ongoing process that becomes part of the fabric of how you sustain and maintain your online presence. If you need any help with this now or in the future, please don’t hesitate to let me know. Just click on the helpful green button.
Please share this with any webmasters or people you know who may find it interesting and/or useful.