Changes to Data Protection Legislation in the EU & the Impact on MIA
Editor: On 25 May 2018, a month from today, the European Union is introducing stricter data protection legislation. The General Data Protection Regulation (GDPR) is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.
Over the past twelve months, Mercy International Association has been preparing for the introduction of the GDPR, rewriting policies and procedures to take account of the changes to existing legislation and our increased responsibilities as a data controller, determining the purposes and means of the processing of personal data.
In this article, we wish to let our website visitors know the measures we have now put in place regarding our online prayer rooms (Chapel, Catherine's Tomb and Canonisation Cause Prayer Centre) and subscriptions to MercyeNews, as these affect all members of the Mercy family, not just those who are EU citizens.
Definitions of personal and sensitive data are expanded under the GDPR. In accordance with this, we have made changes to our prayer rooms so that only a person's first name can be added, email addresses will not be required or collected and sensitive information, such as health information, will not be recorded or displayed. All such information previously collected, has been deleted. Any such information added by prayer petitioners in the future will be deleted. At the same time, we wish the Mercy family to know that we will continue to remember in prayer the needs of those who have previously requested our prayers.
With subscriptions to MercyeNews, we use the 'double opt-in' method for subscribers and collect subscriber information (first and surname, email address, country, relationship to Srs of Mercy) solely for the purpose of sending out MercyeNews. We use Mailchimp as a data processor ie, to send out MercyeNews on our behalf. We provide 3 options for opting out of receiving MercyeNews: subscribers may click the unsubscribe link at the bottom of an issue of MercyeNews, email their request to firstname.lastname@example.org or contact MailChimp directly to request deletion of their data.
Under the changes to the GDPR, EU citizens have a right to access the information that a data controller holds on them and a right to be forgotten, ie to have such information deleted. Further details of these rights and how to exercise them can be found from your country's data protection commissioner. To find out what information MIA holds on you, or to request that such information be deleted, EU citizens should email your request to: email@example.com
Messages to: Mary Reynolds rsm - CEO MIA
Image: iStock. Used under licence