On Friday, May 25, the European Union’s (EU) new General Data Protection Regulation (GDPR) goes into effect.
The GDPR regulates how organizations use information about EU citizens. Even small organizations like OurChurch.Com are required to comply with the regulation for the EU citizens we serve, including those in Great Britain, which will be exiting the EU next year.
New OCC Privacy Policy
The main goal of the GDPR is transparency. Organizations are required to tell users what data they collect and how they use it. To comply with GDPR, we have updated our Privacy Policy.
According to the GDPR, privacy policies need to be concise, transparent, and in clear and plain language. Ironically, though, because of the amount of information that needs to be disclosed, our privacy policy went from less than 200 words to more than 1600. We’re sorry for the length and understand it’s not the most riveting thing you’ll read this year. If you have any questions about our new privacy policy, please ask us in a comment or email.
Do You Need a GDPR-compliant Privacy Policy?
The GDPR applies to any organization that collects any data from EU citizens. Most small and medium-sized churches in the U.S. probably don’t have any data from EU citizens. However, if you have an e-newsletter or other email list that could include subscribers who are EU citizens, you are required to have a publicly accessible privacy policy. If you are a U.S.-based e-commerce site and you sell to EU citizens, you are required to have a publicly accessible privacy policy. And if your organization – whether it’s a church, school, ministry or business – is based in the EU, you are required to have a privacy policy.
[Added 5/29/18] A few additional points… If you want to learn more about GDPR compliance, we recommend The Ultimate Guide to WordPress and GDPR Compliance. If you’d like, we can help you become GDPR-compliant. Bear in mind, we’re talking about at least 10-20 hours of extremely technical work, so the cost will likely be at least $1,000 and would be higher for e-commerce sites and others that collect a lot of data. Contact us for an estimate.
[Added 5/29/18] One other thing to note: if the EU were to go after you for not complying with GDPR, you would first get a warning. If you don’t comply with the warning, you would get a reprimand. If you don’t comply after the reprimand, you would have your data processing suspended. If you don’t comply at that point, you could be fined. I’m not offering legal advice here, but I could see some small US-based nonprofits looking at the complexity of the GDPR and how unlikely it is that they have any data on any EU citizens, and how unlikely it is the EU would bother with them even if they did have a few EU newsletter subscribers or blog commentators, and not bothering to do anything unless they receive a warning.
Google Analytics Data Retention
Also, a quick reminder of what you need to do so you Don’t Lose Your Google Analytics Data on May 25th! (If we provide SEO services for you, we’ve already done this for you.)
Isn’t having customers’ trust a cornerstone to good business? -Elizabeth Denham
If you are looking for an organization you can trust with your church web design, church web hosting, or church SEO, know you can trust OurChurch.Com to protect your data and use it responsibly.
Discussion
- Do you have any questions or comments about the GDPR?
- Do you have any questions or comments about our new privacy policy?
2 Comments
I don’t understand … Are we NOT America and American People? … Since when do we fall under a foreign Socialist Government and their laws? … Last time I checked, America is supposed to be a Sovereign nation of its own with its own rule …
Bobby, the Internet operates in every country and jurisdiction around the world. Every country and jurisdiction has the right to regulate the Internet for its citizens. The GDPR only applies to how an organization handles data for EU citizens. An organization could block all EU citizens from using its website and purge all data from EU citizens or it can comply with GDPR for EC citizens.