Since May the 25th 2018, came into effect the new European General Data Protection Regulation (EU-GDPR), related to the protection of physical persons, with regard to the personal data processing and their free circulation. The GDPR must be obligatory applied since this date and that imposes numerous duties to the organizations that are obliged to safeguard the privacy.
As a religious Congregation registered within an European state, we are obliged to fulfill some requirements that we have been implementing since the year 2018.
It is important to establish a “roadmap” in order to satisfy the new Regulation, because there are several important legal decisions that we must take into account and we’ll expose ourselves to pecuniary sanctions if we do not implement this Regulation.
The first step we have taken is the execution, identification, and analysis of the areas of risk and to document the personal data processing that we are developing, through an inventory of all the processing activities carried out by the Congregation. For this purpose, we rely on the advice of Atico34, a company of lawyers whose headquarters is in Madrid that is guiding us in the implementation of this Regulation.
One of the requirements of the GDPR for our Congregation is the express consent.
The GDPR establishes that all organizations are obliged to obtain an express, unequivocal and verifiable consent, not tacit, to manage the information they obtain from their members.
All the sisters must give our consent so that the Congregation may keep our personal data; this is something that already happens in practice, but the Regulation requires that each member of the Congregation issue and personally sign a document. In this format the scope and characteristics of this requirement that is divided into: Consent, Protection of Personal Data, Confidentiality Commitment and Authorization to use the sister’s photograph.
We are implementing the GDPR in our Congregation, setting in various aspects of the Regulation like the organizational emails and our websites. The fulfillment of this Regulation allows us, among other aspects, to guarantee transparency, to safeguard the personal information and to protect the sisters’ personal data. I would like to emphasize that this Regulation is a challenge and invites us to understand better and to get familiar in the use of data according to the international regulations and laws that we are incorporating into our structures. Obviously the matter is very broad and we are accompanying each Demarcation in the implementation of this Regulation, punctually informing and explaining them all the relevant aspects and requirements that we will develop.
The Congregation and the Demarcations handle in their respective Secretaries, the data, signatures and personal images of all the sisters that must be protected from possible manipulations.
We’ll continue in the implementation phases of this Regulation and to report about new features.
May the Lord carry on this work that the Congregation started and may He find in each sister the necessary availability and responsibility to welcome and put into practice these civil dispositions that, nevertheless, reflect the attention and care of God for each person in his uniqueness.