Right to be forgotten
For organisations governed by the EU General Date Protection Regulation, where consent is used as a lawful basis for processing data the right to object to processing doesn't apply (although an individual always has the right to object to processing for the purposes of direct marketing, whatever lawful basis applies); however data subjects can invoke their right to be forgotten.
ChurchSuite and the right to be forgotten
As the data controller, it's important that your privacy notice makes clear to data subjects your organisation's expected processes for communicating, receiving and actioning a Right to be forgotten request.
Since the scope of the right to be forgotten extends far beyond just your organisation's processing of a data subject's personal information within ChurchSuite, the Delete account functionality outlined in this article is designed simply to facilitate a request from a data subject to be removed from your organisation's ChurchSuite account.
No data is automatically deleted by a "Delete account" request. A "delete account" request is notified to your designated Data Protection contact alerting you that a person has requested that their ChurchSuite data be deleted. It' is then up to you, the data controller, to action that request as appropriate and confirm back to the data subject when the process is completed. Requests should be actioned within the timeframes prescribed by the GDPR. Remember, you may have a lawful basis for continuing to process some or all of their information!
For ChurchSuite accounts where a Privacy Notice has been added, ChurchSuite provides a Delete account option in My ChurchSuite on the Privacy page...
...and on the My Consent form...
...and on the Communication page linked through from the Unsubscribe link in the footer of certain emails sent from within ChurchSuite.
When a person selects Delete account, a confirmation pop-up is displayed explaining what will happen if they proceed.
If the person proceeds and they are currently logged in to My ChurchSuite, they are immediately logged out and their My ChurchSuite access is disabled...
Additionally, all Privacy options and Communication options are opted out, preventing any of their details being visible to others in My ChurchSuite, and preventing them from receiving further email or SMS communications sent through ChurchSuite (unless a user, when sending, selects to not respect communication options - in which case an email will be sent).
Changes logs are also added...
...a "Delete Requested" Key Date is added...
...and finally, a Notification email is sent by ChurchSuite (the data processor) to the church's designated Data Protection contact (set in Administrator > Profile), alerting them that a person has requested their account be deleted from ChurchSuite.
Your church can now follow your preferred pastoral and administrative workflows for removing personal data held on ChurchSuite, before confirming back to the data subject that their request has been actioned.
Note: 'Delete account' will never auto-delete a person. 'Delete account' will also not auto-archive the person. All their data - event sign-ups, ministry and group membership, linked family members, etc remain in tact. Where an account deletion request has been received, you may still be able to rely on another lawful basis for continuing to process some or all of the information - for example, a 'legitimate interest' may apply to things like membership lists such as the electoral roll, or a 'legal obligation' may apply in respect of donations and Gift Aid records - the lawful bases for processing and the scope of processing will be determined by your privacy notice. Note also that the Delete account option is only shown when a privacy notice has been added (In Administrator > Profile).
Data Protection contact notifications, including 'delete account' requests, are recorded in the Recent Activity > Communication log visible in the Administrator > Profile area.