If you're processing personal data of EU citizens, ChurchSuite makes it really easy to gain ongoing consent to process the personal information of those in your Address Book and Children modules; helping you comply with the requirements of the EU General Data Protection Regulation 2018 (GDPR).
"...best compliance with the GDPR is when data subjects can manage their own personal data - which is the purpose of My ChurchSuite - however, the new ongoing consent feature enables people to easily engage with your privacy notice, to understand how their information is being used and why, and then provide affirmative, opted it, ongoing consent for you to process their personal information in accordance with the new legislation."
From either a person's profile in the Address Book or Children module, or from the Communication section of those modules, you can now send a consent request to an individual or group of people; or even to everyone in your ChurchSuite account.
Importantly, the consent form and consent request are both customisable, so you can communicate in language that's familiar to your context and use of personal data. Your privacy notice is also made available on every public-facing form, including the My Consent form, where people are submitting personal information to you.
Each consent request contains a personal link to their "My Consent" form. The My Consent form includes all the personal information you hold about that individual, presented in a partially 'starred out' format, for privacy.
Church members and their children can easily review their information - making corrections, adding missing information, or removing information they no longer wish you to hold. They can also review their privacy settings and communication preferences, before finally confirming and submitting their consent. Those completing the form are required to enter their name; so you'll always know whether the My Consent form was completed by the data subject themselves, or by a spouse/partner, or a parent on behalf of their child; or they can click 'forget me' to invoke their "right to be forgotten".
All the changes are updated back in ChurchSuite, including changes logs, and an "Ongoing Consent" Key Date is recorded against the person. As a double confirmation, the submitter will receive a customisable 'success' email that includes a snapshot of their My Consent form and the fields and data present on the form at the time of submission. This 'sent' confirmation is added to the person's communication log providing that all-important evidence of consent.
If a person wishes to be forgotten, an email is sent to your church's designated Data Protection contact so that you can follow your preferred pastoral and administrative workflows for removing data held on all your systems.
Our support article includes lots of helpful tips and suggestions for managing ongoing consent - including for those who don't have an email address, or if you have pre-existing consent records that you want to add in to your ChurchSuite account. We've also made suggestions on how you can keep track of those who have a current consent and those whose consent is oustanding.
We've produced a helpful support article explaining this new GDPR functionality in greater detail. All our support articles are available online via the "Ask a Question" beacon in ChurchSuite - just search by keyword, phrase or topic.
We've got lots more features and enhancements planned for this year - watch this space! In the meantime, if you have any feedback or suggestions for us, please don't hesitate to get in touch, we'd love to hear from you.
Paul Nation, ChurchSuite