ChurchSuite and GDPR

The new General Data Protection Regulation (GDPR) comes into effect on 25th May and introduces a number of significant changes that will impact the way an organisation processes personal data for EU citizens.

Last summer we produced a GDPR case study to help churches prepare for some of the main changes being introduced. We'll continue to keep this article updated over the coming weeks as we move towards May.

How can ChurchSuite help you with GDPR compliance?

The security and privacy policy pages on our website may be helpful if you have particular questions about ChurchSuite's own compliance with GDPR as a Data Processor e.g. data security, encryption, backups, hosting within the EU etc.

We're also committed to developing additional functionality to help churches achieve best-practice compliance and consent evidence through their use of ChurchSuite, both for people already in your Address Book and for new people that you'll add to your database in the future. Obviously we're not responsible for your church's compliance (sorry!), and certainly GDPR extends to far more than just your use of ChurchSuite, but we are committed to implementing new features and workflows to assist you with compliance and consent, if you wish to use them.

Ongoing GDPR-related development work

  • We're exploring additional functionality to permit legitimate interest emails to be sent, overriding a recipient's email/SMS opt-out. (Updated 23/4/2018 Estimated due date: TBC)
  • We're exploring additional functionality to manage the right to restrict processing by archiving those individuals and locking their profile to prevent further changes to data by users or the individual. (Updated 23/4/2018 Estimated due date: TBC)
  • We're exploring additional functionality to help with the right to access, through a comprehensive report that includes all the person's personal information, notes, key dates and tags. (Updated 23/4/2018 Estimated due date: TBC)

GDPR development work we've already completed...

  • We now log all My ChurchSuite password reset requests against the Address Book contact, and we log all user password reset requests against the User's profile.
  • When viewing people in your database we've made it much clearer for you to see how and when new people are added to your database. You can now see the "created by" user/date/time stamp when viewing a contact, child or giver's profile page. Previously this was only visible when editing a person. Now located under the 'Recent Activity' section you can see at a glance when a person was first added to your database and how/by whom.

  • In Administrator > Profile you can now set an account-level Data Protection statement that will be made available on all public-facing forms.

  • We've begun introducing a new 'opt in consent' checkbox linked to your Data Protection statement for all public-facing forms where personal data is submitted, including Donate, the Connect "My Details" form, the Embed 'My Details' form, Group sign-up, Visitor child check-in, Event pages with sign-up, and the customer-facing Booking pages.

  • We've added the Data Protection statement from your administrator profile to the Privacy Settings section of My ChurchSuite.

  • Implementation of a new Data Protection contact in Administrator > Profile > Contacts, which will be used for certain GDPR-related workflow notifications e.g. "Request to be forgotten" and "unsubscribe" requests. By default we've populated the DP contact with the Account Contact details, but churches will update this to their designated Data Protection officer details.

  • Implementation of additional "Receive email/SMS?" opt in/out settings for unlinked givers and unlinked parents.

  • We now always send a confirmation email back to a submitter whenever personal data is submitted through any public-facing forms - this applies to event sign-up, the Connect "My Details" form, the embeddable "My Details" form, small group sign-up, Visitor child check-in and Donate. Confirmations are sent with personal data obfuscated and include full details of the data that was submitted on the form. Confirmations are logged in each person's 'sent' communications, providing an historic record of consent for the data submitted.

  • When resetting a password from within ChurchSuite (either when a user resets their own password, or when an Administrator force-resets another user's password), we now show a helpful password strength indicator so that you can see at a glance whether your "Password123" password really is the best-compliance, secure option!

  • We've added "Settings" to each module's Reports section, which allows Administrators to easily disable a report that your church would prefer not to use and doesn't want to collect unnecessary data for. Further settings can prevent users from exporting a report (i.e. download or print) or communicating from the report. Essentially we want to make it easier for you to manage the flow of personal data going out of your ChurchSuite account. Currently report settings apply to all users and administrators.

  • Following a full review of our change logs, we've implemented additional logging to provide a much more detailed audit trail of precisely how a person was added to ChurchSuite, and by whom. For example, when an event sign-up is added to your Address Book from the event in the Calendar module we show the event that person was added from and the user that performed the action...

    ...or perhaps when a child visitor is added to your Children module from the Visitors report...

    ...or when an existing unlinked parent is added as a new contact in your Address Book from the child's profile page...

  • When moving a contact to the Children module, or a child to the Address Book, we now maintain a more detailed change log history in the Recent Activity section.

  • Best compliance is when organisations only collect personal data in accordance with their purposes and privacy policy. We've now made the Job and Employer fields optional in the Address Book. If your church doesn't need to collect personal data for those fields you can now disable them; all related reports and Smart Tag conditions are also disabled.

  • We've added a module password option to all the modules. Previously this was only an option for the Giving module. You can now add an extra layer of security to any module by implementing a module password. Any user, including administrators, will be unable to access the module without the correct password.

  • The "Sex" field can now be set as optional on the My Details newcomer form for Connect and Embed. This will be helpful if a person's sex is personal data that you do not wish to process.
  • The following Children module fields are now optional and can be disabled on your account if you don't wish to process this category of data within ChurchSuite: school, special needs, doctor details and additional information.
  • Givers can now manage their own online recurring donation subscriptions within the My Giving section of My ChurchSuite; perhaps to cancel an existing direct debit in order to create a new one, or to manage their recurring card donations, including changing the amount, adding an end date to their subscription, cancelling their donation entirely, or changing their payment card. Helpful change logs are recorded in the Giving module, including a confirmation of the changes to the giver.

  • We've added the new "Right to be forgotten" option to the My Details section within My ChurchSuite. No data is auto-deleted if invoked; instead a notification is sent to the Data Protection contact, a key date is added in the Address Book, email/SMS is opted out, My ChurchSuite access is revoked, and the person is immediately logged out of My ChurchSuite. The 'forget me' option is only visible if your church has added its privacy notice (in Administrator > Profile).

  • We've implemented some visual changes to the My Details section of My ChurchSuite and for child profiles in My Children within My ChurchSuite. We've separated out sections for Details, Login and Privacy, and have introduced a new Communication section for managing communication preferences.

  • We've finalised ChurchSuite's updated Terms of Service to reflect GDPR, incorporating the compulsory terms set out by the ICO. We've made things much clearer to reflect our two distinct roles - where ChurchSuite is a Processor to you the customer Controller, but also where ChurchSuite is a Controller and you, our customer, are our data subject. Essentially the Terms of Service are the written contract that exists between controller and processor, as required by the GDPR, and will more clearly set out our respective rights, duties and obligations. We've today communicated this to Account Contacts, with the new Terms effective from 8th May 2018 in the lead up to the 25th May. (Updated 8/4/2018)
  • We've added two new optional communication options - "Receive post?" and "Receive telephone calls?". These can be enabled in the Address Book and Children module options. Once enabled, these are visible in ChurchSuite, My ChurchSuite and the new My Consent form coming soon. (Updated 8/4/2018)
  • We've introduced an affirmative "opt in to receive communications" section on the Connect and Embed "My Details" forms. Opt in is distinct from confirming they have read and accept your privacy notice. Consent will be evidenced by a confirmation email sent back to the submitter detailing what they submitted and opted into. That sent email will serve as consent evidence and will provide data subjects a further opportunity to opt out if they wish. (Updated 8/4/2018)

  • Implementation of a brand new "unsubscribe" workflow that will be embedded into the email footer of all ChurchSuite emails. Recipients will be able to manage their subscription preferences or unsubscribe entirely. (Updated 11/4/2018. This feature is going live on Monday 16th April)
  • We've introduced new communication options to opt in/out of receiving rota reminders, as distinct from other general church communications. This is manageable within My ChurchSuite, the My Consent form, and through the 'unsubscribe/manage subscriptions' link from within emails. (Updated 11/4/2018)
  • As part of our own Data Protection Impact Assessment for GDPR compliance, we've implemented new internal processes for our support team, meaning that we can only access your account when you, the data controller, enable support access. Access can be enabled and disabled by Administrators as required. When disabled, we may only be able to provide general support responses and support article links. (Updated 11/4/2018)
  • As part of our GDPR compliance preparations, we've written a new policy (found in the footer links in ChurchSuite) called "Acceptable Use Policy". This is essentially a helpful list of "do's and don'ts" for users who are otherwise only indirectly bound by the Terms of Service between us and the data controller. The acceptable use policy provides data controllers and their users some basic "ground rules" of acceptable use of the service. (Updated 11/4/2018)
  • As part of our own Data Protection Impact Assessment for GDPR, we've updated our privacy policy, which can be found on our website and through the link in the footer of every page in ChurchSuite. (Updated 16/4/2018)
  • We've implemented a new workflow to manage ongoing consent of people in the Address Book and Children module. This comprises an email consent request to a secure page showing the personal data you currently hold about people presented in a partially-obfuscated form. Recipients can then review the form, make any changes/corrections, and submit the completed form back with their opt-in consent to your processing their data. People can also manage their communication preferences and privacy options on the form. We add a key date for the consent, add change logs as appropriate, and record a snapshot of the completed form in the communications log as a confirmation back to the submitter. We'll also trigger a notification to the data protection contact where a person invokes the 'forget me' right to be forgotten. The ongoing consent workflow is entirely independent of a church's use of My ChurchSuite and doesn't require data subjects to have a login. (Updated 16/4/2018)
  • We've introduced batch actions on all Notes reports throughout ChurchSuite's modules, making it much easier to review historic notes and, where they are no longer deemed necessary, to bulk-delete those notes. (Updated 02/5/2018)
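Two of the workflows above lend themselves to a small model: the confirmation email that echoes submitted data back in a partially-obfuscated form as consent evidence, and the 'forget me' request that records and routes the request rather than deleting anything. The following is an added example written for this article, not ChurchSuite's own code; the Person and Account classes, the masking rules (first character kept, TLD kept, last three phone digits kept) and the sample data are all constructed assumptions chosen to illustrate the behaviour described.

```python
# Added example, not ChurchSuite code. Models, with constructed data, the
# partially-obfuscated confirmation email and the "forget me" workflow the
# article describes (record, opt out, revoke access, notify the DP contact;
# no automatic deletion).
from dataclasses import dataclass, field
from datetime import datetime, timezone


def mask(value: str, keep: int = 1) -> str:
    """Keep the first `keep` characters and replace the rest with '*'."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def obfuscate_name(name: str) -> str:
    """'Jane Doe' -> 'J*** D**' (each word masked separately)."""
    return " ".join(mask(part) for part in name.split())


def obfuscate_email(addr: str) -> str:
    """'jane.doe@example.org' -> 'j*******@e******.org'; TLD kept so the
    recipient can still recognise the address as theirs."""
    local, at, domain = addr.partition("@")
    if not at:
        return mask(local)
    name, dot, tld = domain.rpartition(".")
    return f"{mask(local)}@{mask(name) + dot + tld if dot else mask(domain)}"


def obfuscate_phone(number: str, visible: int = 3) -> str:
    """'07700 900123' -> '***** ***123'; only the last `visible` digits survive."""
    out, seen = [], 0
    for ch in reversed(number):
        if ch.isdigit():
            out.append(ch if seen < visible else "*")
            seen += 1
        else:
            out.append(ch)
    return "".join(reversed(out))


@dataclass
class Person:                       # assumed shape of an Address Book contact
    person_id: int
    name: str
    email: str
    mobile: str
    receive_email: bool = True
    receive_sms: bool = True
    login_enabled: bool = True      # My ChurchSuite access
    key_dates: list = field(default_factory=list)
    change_log: list = field(default_factory=list)
    sent_communications: list = field(default_factory=list)


@dataclass
class Account:                      # assumed account-level state
    dp_contact_email: str           # the Data Protection contact
    sessions: dict = field(default_factory=dict)   # person_id -> set of tokens
    notifications: list = field(default_factory=list)


def confirmation_email(person: Person, submitted: dict, when: datetime) -> dict:
    """Confirmation sent back after a form submission. Personal data is echoed
    obfuscated; opt-in flags are shown plainly. Logged against the person as
    evidence of what was submitted and consented to."""
    obfuscators = {"name": obfuscate_name, "email": obfuscate_email,
                   "mobile": obfuscate_phone}
    body = "\n".join(f"{k}: {obfuscators.get(k, str)(v)}" for k, v in submitted.items())
    msg = {"to": person.email, "sent_at": when.isoformat(),
           "subject": "We received your details", "body": body}
    person.sent_communications.append(msg)
    return msg


def handle_forget_me(person: Person, account: Account, when: datetime) -> int:
    """Right-to-be-forgotten request. Nothing is deleted here: communications are
    opted out, access and sessions are revoked, a key date and change log are
    recorded, and the DP contact is notified to complete erasure by hand.
    Returns the number of sessions revoked."""
    person.receive_email = person.receive_sms = person.login_enabled = False
    revoked = account.sessions.pop(person.person_id, set())
    day = when.date().isoformat()
    person.key_dates.append(("Right to be forgotten requested", day))
    person.change_log.append({"at": when.isoformat(), "action": "forget_me_requested",
                              "sessions_revoked": len(revoked)})
    account.notifications.append({   # only obfuscated data goes into the email
        "to": account.dp_contact_email,
        "subject": f"Erasure request from person #{person.person_id}",
        "body": f"{obfuscate_name(person.name)} ({obfuscate_email(person.email)}) "
                f"asked to be forgotten on {day}.",
    })
    return len(revoked)


def run_demo() -> dict:
    """Runs both workflows on constructed sample data and returns the results."""
    now = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)          # constructed
    jane = Person(1, "Jane Doe", "jane.doe@example.org", "07700 900123")  # constructed
    acct = Account("dpo@church.example", sessions={1: {"sess-a", "sess-b"}})
    msg = confirmation_email(jane, {"name": jane.name, "email": jane.email,
                                    "mobile": jane.mobile, "receive_email": True}, now)
    revoked = handle_forget_me(jane, acct, now)
    return {"confirmation": msg["body"], "revoked": revoked, "person": jane, "account": acct}


if __name__ == "__main__":
    result = run_demo()
    print(result["confirmation"])
    print("sessions revoked:", result["revoked"])
```

The point of the split is that the confirmation log and the DP-contact notification both carry enough to identify what was submitted or requested without re-transmitting the full personal data, and that `handle_forget_me` leaves the erasure decision with a person rather than an automated path.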

Need further help?

The following resources may be helpful as you prepare for GDPR compliance.

  • The ICO (Information Commissioner's Office) website. They also have a GDPR reform section, which has comprehensive coverage of GDPR with regular updates as each consultation takes place.
  • Your local UCAN Administrator's network.
  • The Evangelical Alliance.
  • Legal/professional advice from a Data Protection and/or charity expert - you may have people in your church who can help, or you may need to instruct someone professionally to advise your church. There are some great charity/governance consultants out there that will provide guidance to trustees and church teams.
  • Overseers or the governing body for your church's affiliation, denomination or stream.
  • Other churches in your local area or network.

Still need help? Contact ChurchSuite