Implementation Points of the GDPR (General Data Protection Regulation) law
Vienna Christian Center
The new GDPR law went into effect Europe-wide on 25th of May, 2018. This law is in response to the great abuse of personal data being hacked, sold or used for purposes other than what the person originally intended or agreed to. Although this new law is in response to abuses by many commercial vendors, it affects how all organizations handle data, including churches and non-profits.
The FKÖ, FCGÖ, BFP in Germany and many other movements that we are connected to have all drafted similar policies and procedures to protect us as a church and the members we serve. We have extensively looked at their documents as we’ve written our own for VCC and feel these are the major points we need to highlight to our leadership teams:
- We have reported to the FCGÖ that Elmer Ramos will be our data protection officer (DSZ – datenschutzzuständige Person). Elmer will be responsible for auditing us at VCC and making sure we are all compliant, as well as reporting to the FCGÖ that we have complied. He will also have to attend one or two seminars a year on our behalf. Please cooperate with him whenever he asks questions or needs information, and know that he is operating under the authority of Pastor Larry Henderson and VCC.
- We must request permission from all members to allow us to keep the current data we have in our systems, and include a disclaimer on all future written communication (guest cards, registrations for conferences, website forms, etc…) by which any current or new persons attending VCC give us consent to use their personal information. We must also give them the right to revise their data, limit its use or opt out at any time. We will have a link to our privacy terms on our website where they can read more details, but the following phrase must be written on all future VCC communications:
  - German – “Wir bestätigen unsere Verpflichtung, Ihre persönlichen Daten zu schützen, und verwenden sie nur für interne Zwecke. Indem Sie uns Ihre Daten mitteilen, stimmen Sie unserer aktualisierten Datenschutzerklärung (DSGVO) zu.”
- We must take sufficient security measures to protect all personal data and make sure it is stored on a secure server or hard drive. This will include limiting access to only those persons/leaders who have been trained to understand our data protection protocols. Elmer, as our DSZ, will confirm this is being done with random checks and repeated messages to remind us of data security protocols.
- Ask all our pastors/leaders to sign a consent form that is a part of our code of conduct or ministry covenant.