Curious if any of our EU-based members (especially those still in) have heard anything from official WT channels on how the Organisation plans to be in compliance with GDPR ("General Data Protection Regulations") by May 2018?
It's my understanding that religious organisations must comply, and that religious data is treated a "protected" and therefore subject to some enhance requirements.
Specifically, how will they comply with the following requirements:
- You must disclose to the individual: what data you collect on them, why, and what you do with the data (including what other parties receive the data and what they do with it)
- The individual must provide their written explicit consent that they agree to have the entity retain their data in the manner disclosed. Any changes to the terms require new consent from the individual
- Data collection must be proportional (i.e., only necessary data may be collected and can only be used for what you've previously disclosed to the individual)
- You can only keep the data as long as absolutely necessary, and must delete afterward. (e.g., even if a person demands deletion of their data, the organisation may be required to retain certain data points such as financial/tax data attached to a contribution)
- The individual must have: rights of access to all their data, the ability to correct it, and object to it
- The individual must have the "Right to be Forgotten" (i.e., they must be able to dictate that all their data be permanently erased
Congregations keep Publisher Cards and Judicial files forever; COs review publisher info; Judicial findings on specific individuals are reported to the Branch (and WT HQ in USA?)
What if the individual demand the "Right to be Forgotten" and all written evidence of them ever being a member wiped from congregation and WT files?