Is your church ready for GDPR?

May 30, 2018 by  
Filed under Featured, News, Research

You’ve probably heard about GDPR. The new European data protection regulation that applies practically to everyone entered in power on May 25, 2018. Especially if you operate a church or ministry website, it’s most likely that there’s already a process for getting your systems in compliance with the regulation.

GDPR in effect adds to or supersedes existing legislation on data protection, which up to this point has been provided by the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003. The regulation is basically a law that must be followed in all European countries (but also applies to non-EU organizations that have users in the EU). In this particular case, it applies to companies that are not registered in Europe, but are having European customers. So that’s most church organizations. The GDPR introduces a stronger requirement on accountability for data controllers. This means that you must be able to show that you are complying with the principles by providing evidence. For example, where you process on the basis of consent, you should to store those consents. Since consent should be specific to a “purpose”, you may need separate consent to cover different areas of data processing within the life of the church

The impact is going to be huge as there are a number of very significant changes that will impact every organization that processes data inside the EU. This includes the Church, which has been that in most cases, very poor at complying with legislation. If your church organization or church website process personal information, of any kind, inside the EU, GDPR applies to you. This applies to Churches who are owned/run from outside the EU. If you process any data in the EU like website visitors, live broadcast viewers or attendance, GDPR needs to be on your radar.

Though, GDPR allows religious (amongst others) not-for-profit bodies to process data without specific consent as long as it relates only to members or former members (or those who have regular contact with it in connection with, there is still a great risk. Data that “reveals religious belief” becomes special category data – which requires additional care with regard to processing. Reveling of “religious belief” should not be assumed simply because someone attends church or church events, becomes a “friend” or gives money to a church. However, where someone is required to have affirmed belief (e.g. that they are baptized or that they are a member of the Church) e.g. processing of the electoral roll, then this could be argued to reveal religious belief.

In regard of this, the rights of the user/client (referred to as “data subject” in the regulation) under the new GDPR law are:

  • the right to erasure (the right to be forgotten/deleted from the system),
  • right to restriction of processing (keep the data, but mark it as “restricted”)
  • the right to data portability (export data in a machine-readable format),
  • the right to rectification (the ability to get personal data fixed),
  • the right to be informed (human-readable information, rather than privacy terms)
  • the right of access (the user is able to see all the data you have about them).

Additionally, the relevant basic principles are:

  • data minimization (do not collect more data than necessary),
  • integrity and confidentiality (all security measures to protect data)
  • measures to guarantee that the data has not been inappropriately modified.

To set some context, it may be helpful to ask, “Whose data is it?” If we believe that the data we hold on our systems belong to us then we are likely going to be resistant to GDPR. If we are 100% clear that each person’s personal data belongs to that individual alone, and that we are custodians of their data, then we’ll likely have a much healthier response to GDPR. When we see ourselves as custodians, charged with a “trust,” we’ll likely want to do our very best when we receive, store and process people’s personal data. And also be more ruthless about removing any data that we don’t wish to hold within that trust.

The legal basis for processing data is premised on one or more of six conditions:

  • consent of the data subject
  • performance of any contract with the data subject relating to it
  • compliance with a legal obligation
  • that the vital interests of the data subject are protected
  • that the data acquired and held is needed for the performance of a task carried out by the organization in the public interest
  • that the legitimate interests of data subjects are protected

None of the other requirements of the regulation have an exception depending on the organization size, so “I’m small, GDPR does not concern me” is a myth. “Personal data” is basically every piece of data your organization has collected that can be used to uniquely identify a person.

Just an every day example, Google Maps shows you your location history – all the places that you’ve been to. Displaying your church’s map allows visitors to find you but also records their intent of movement history on any electronic device that can lock a GPS location (this includes any PC with internet connection too). It is still the visitor’s personal information that GDPR allows storing only under certain legal conditions.

An individual can object at any time to you using their personal information for:

  • Direct Marketing (including fundraising). If an individual objects to you using their data to contact them for this purpose then you must cease immediately. There are no exemptions.
  • Scientific, historical, research or statistical purposes. You can have an exemption from this if you have a legitimate need to keep processing it, e.g. you need to send Gift Aid information to HMRC.
  • A ‘legitimate interest’ of the church (ex. video broadcast, family events, small group home gatherings, fund raisers, prayer call campaigns, etc.).

Age check – GDPR introduces special protection for children’s personal data. Broadly, for a child there will be a need to have consent from a parent or guardian in order to process any data lawfully. You should ask for the visitor’s age, and if the user is a child, you should ask for parent permission.

Keeping data for no longer than necessary – if your church collects the data for a specific purpose (e.g. product purchase, email campaign, call list, etc.), you have to delete it/anonymize it as soon as you don’t need it. Many churches offer welcoming package, registration, online offering, etc. The visitor’s consent goes only for the particular item for which you are obligated to keep a consent form.

Cookies – Every basic website nowadays use a number of different types of cookies. They are all subject of a different regulation (a Directive that will soon become a Regulation). However, GDPR still changes things when tracking cookies are concerned. I’ve outlined my opinion on tracking cookies in a separate post.

Encrypt the data in transit – means that communication between your application layer and your database (or your message queue, or whatever component you have) should be over TLS.

Encrypt the data at rest – this again depends on the database (some offer table-level encryption), but can also be done on machine-level

Implement pseudonymisation – the most obvious use-case is when you want to use production data for the test/staging servers. You should change the personal data to some “pseudonym”, so that the people cannot be identified.

Don’t log personal data – getting rid of the personal data from log files (especially if they are shipped to a 3rd party service or a plugin.

Above all, DO NOT use data for purposes that the user hasn’t agreed!

Finally, GDPR mandates identification and notification of breaches of the regulation to the individual, and sometimes the national regulator (the Information Commissioner’s Office, ICO) within 72 hours. The maximum fine for organizations which breach the regulation will be €20 million. Quite apart from anything else, this should give charity trustees pause for thought.

Where to begin? Start with the following questions and actions:

  1. Does your collection and use of personal or sensitive data fall within the “purposes” of your current Data Protection policy?
  2. Are there current uses that fall outside the current scope?
  3. Are your policy’s stated “purposes” sufficiently broad enough to cover all your ministry and activity? Highlight any areas that need further expansion in your policy.
  4. Note down any third party “processors” that use or further process the personal data like: Book keeper, WordPress, MailChimp, Planning Center, Stripe, GoCardless, Textlocal.
  5. Identify and list all the ways your church adds personal data into each module, including contact details, attendance or tracking data, and notes.
  6. Note any additional processing of information you carry out in your admin workflows within each module, such as communications you send, notifications to others in your church that get triggered, and any reports you produce and distribute in those workflows.
  7. Are there any areas of “bad practice” or risk that needs addressing? For example, using images from people’s social media profiles without consent or audio/video and live broadcast recordings of the same. Notes that express opinion rather than fact, or where consent has not been obtained for all of these.
  8. In respect of handling personal data, how do your church’s procedures demonstrate accountability practices?
  9. Are any changes communicated to those in your church or team that need to know?
  10. If you were a newcomer to your church, would you as a newcomer be clear at every point of submitting your personal data, what the church’s privacy notice and data protection policy is? Would you feel sufficiently informed about how your data will be used and would know how you could opt out if you wanted to?

Common sense disclaimer: This article is not legal advice. You need to contact your church attorney for a complete evaluation and action guide on how to fully protect your organization.

2018 Annual Conferences of Bulgarian Churches in America

May 25, 2018 by  
Filed under Featured, Missions, News

bulgarian-churchThe congregations within the Alliance of the Bulgarian Evangelical Churches in North America meet every Memorial Day weekend for an annual conference:

  1. Dallas (2002)
  2. Chicago (2003)
  3. Minneapolis (2004)
  4. Los Angeles (2005)
  5. Dallas (2006)
  6. Chicago (2007)
  7. Minneapolis (2008)
  8. Los Angeles (2009)
  9. Houston (2010)
  10. Las Vegas (2011)
  11.  Chicago (2012)
  12. Dallas (2013)
  13. Minneapolis (2014)
  14. Las Vegas (2015)
  15. Houston (2016)
  16. Chicago (2017)
  17. Jacksonville (2018)

READ ALSO:

ALL Bulgarian Cookbooks on Kindle

May 10, 2018 by  
Filed under Books, Featured, News

Cooking Traditions of Bulgaria, Second Edition (now on Kindle)

Bulgarian cuisine is distinct, yet eclectic at the same time with Mediterranean influence and flavors of its surrounding countries. Bulgaria borders the Black Sea, between Romania and Turkey. Greece is also a neighbor, along with Serbia and Macedonia to the west. This cookbook features 50 personal, but authentic recipes in… 

Ancient Recipes of Bulgaria now for Kindle

Ancient Recipes of Bulgaria, Second Edition By Evdokia Krusteva This cookbook features nearly two dozen truly ancient recipes of Bulgarian cooking. Some of these dishes are distant relatives to ones found in ancient Roman manuscripts believed to have been compiled in the late 4th or early 5th century AD. Others are among those…

European Delights: A Sweet Journey Through Europe (now on Kindle)

Cakes, cookies, custards, puddings, candies, fried dough, pies and pastries. From the unconventional, recipes of Albanian Walnut Lemon Cake and Lithuanian Poppy Seed Cookies to the classic Tiramisu and Macaroon recipes, this cookbook takes your taste buds on a sweet journey throughout Europe. Desserts have come a long way since…

Ancient Recipes of Bulgaria (now on Kindle)

This cookbook features nearly two dozen truly ancient recipes of Bulgarian cooking. Some of these dishes are distant relatives to ones found in ancient Roman manuscripts believed to have been compiled in the late 4th or early 5th century AD. Others are among those far before the time of Christ…. 

Cooking Traditions of Bulgaria (now on Kindle)

Now also on Amazon’s Kindle Store This cookbook features authentic recipes in attempts to further the tradition of keeping alive century old recipes of Bulgarian cuisine. Here you can learn how to make dishes from moussaka to baklava and others in between. The variety of tastes of authentic Bulgarian foods…

 

Ancient Recipes of Bulgaria, Second Edition

Ancient Recipes of Bulgaria, Second Edition By Evdokia Krusteva This cookbook features nearly two dozen truly ancient recipes of Bulgarian cooking. Some of these dishes are distant relatives to ones found in ancient Roman manuscripts believed to have been compiled in the late 4th or early 5th century AD. Others are among those…

Global Network of Bulgarian Evangelical Churches outside of Bulgaria (2018 Report)

February 10, 2018 by  
Filed under Featured, Missions, News

bulgarian-churchBulgarian Evangelical Churches in the European  Union (2018 Report)

Bulgarian Evangelical Churches in America (2017 Report)

  • Bulgarian Evangelical Churches in Chicago (2017 Report)
  • Bulgarian Evangelical Churches in Texas (2017 Report)
  • Bulgarian Evangelical Churches – West Coast (2017 Report)
  • Atlanta (active since 1996)
  • Los Angeles (occasional/outreach of the Foursquare Church – Mission Hills, CA)
  • Las Vegas (outreach of the Foursquare Church – http://lasvegaschurch.tv)
  • San Francisco (occasional/inactive since 2012, Berkeley University/Concord, CA)

Bulgarian Evangelical Churches in Canada (2017 Report)

  • Toronto (inactive since 2007)
  • Toronto/Slavic (active since 2009)
  • Montreal (occasional/inactive since 2012)

CURRENTLY INACTIVE CHURCHES/CONGREGATIONS:

  • New York, NY (currently inactive)
  • Buffalo, NY  (occasional/inactive)
  • Jacksonville, FL  (occasional/inactive since 2014)
  • Ft. Lauderdale / Miami  (currently inactive)
  • Washington State, Seattle area (currently inactive)
  • Minneapolis, MN (occasional/inactive since 2015)

READ MORE:

2020 Vision for Bulgarian Evangelical Churches outside of Bulgaria

January 25, 2018 by  
Filed under Featured, News, Publication, Research

bulgarian-churchOver a decade ago, after publishing Bulgarian Churches in North America: Analytical Overview and Church Planting Proposal for Bulgarian American Congregations Considering Cultural, Economical and Leadership Dimensions, we purposed to explore the possibility of implementing the church planning program among Bulgarian Diasporas in various destination countries of migration.

With this in mind, we carried the vision for establishing 20 Bulgarian churches outside of Bulgaria by the year 2020. Cyprus, the United Kingdom and Canada were among the first to successfully implement our program. Bulgarian migrant communities in France, Italy and especially Spain and Germany followed with great enthusiasm – there are 7 Bulgarian evangelical churches active in Span today, and 18 in Germany.

Of course, not all parts of the program proved to be efficient. The program’s modules and training that was implemented, however, have produced 47 strong church plants thus far and the number is growing every month. The program proposed has been confirmed by the leadership we have received from the Holy Spirit. Our commitment to seize the opportunity and work toward adding more Bulgarian churches by the year 202 has by far surpassed all expectations.

READ ALSO:

The Bulgarian presidency of the Council of the European Union

January 15, 2018 by  
Filed under Featured, News, Publication

The priorities of the Bulgarian presidency are driven by its motto: ‘United we stand strong’, which is also the motto of the coat of arms of the Republic of Bulgaria. The presidency will work with its partners on unity among the member states and the EU institutions to provide concrete solutions to build a stronger, more secure and solidary Europe. During the next 6 months, the presidency will focus on four key areas: future of Europe and young people, Western Balkans, security and stability and digital economy.

Bulgarian Cookbooks for Christmas

December 10, 2017 by  
Filed under Books, Featured, News

http://bulgariancooking.com/

2016 Cooking Traditions of Bulgaria, Expanded Second Edition (Black & White)

2015 European Delights: A Sweet Journey Through Europe

2014 Ancient Recipes of Bulgaria

2013 Cooking Traditions of Bulgaria (Second Edition)

2012 Cooking Traditions of Bulgaria

Get them all today at Aamazon.com

Bulgarian Evangelical Church in Sofia

December 5, 2017 by  
Filed under Featured, Missions, News

Bulgarian Evangelical Church in Kazanlak

December 1, 2017 by  
Filed under Featured, Missions, News

Bulgarian Evangelical Church in Ruse

November 30, 2017 by  
Filed under Featured, Missions, News

Next Page »