Notice: This document is for informational purposes only and is not meant as legal advice.
Application: This article applies only to those churches/customers storing Personal Information of citizens within the European Union.
Breeze and General Data Protection Regulations
At Breeze, data security has always been a top priority! The new GDPR laws have only strengthened our resolve and commitment to providing you the highest of security standards.
As a Data Processor, Breeze (along with its sub-processors) processes personal data with the sole purpose of providing and improving the site. All personal data collected and stored by Breeze is in relation to this purpose.
Updates in Progress
- Ensuring an adequate level of protection under Article 45 - we are in the final stages of self-certification under the EU-U.S. Privacy Shield Framework
- Right to erasure - new functionality is being added that allows faster permanent erasure through deletion of restore logs
Updates made, driven by the GDPR
- Heightened data security awareness on every level of the organization.
- Designated contact for security inquiries related to GDPR matters | Julie Schweihofer, firstname.lastname@example.org
- Updated Terms of Service
Additionally, we are committed to helping you manage through the new GDPR regulations with as much ease as possible. With that in mind, here are resources already available.
Features already available within Breeze to help in your compliance:
- Right to Access - Invite Members to Create an Account; Quick Password Changes; Comprehensive view of personal information available through individual profile records
- Right to Rectify - Allow authorized users and/or members to Edit Personal Information as necessary
- Right to Erasure - Delete People, and don't forget to delete their user account; then delete the restore by navigating to More > Restore > toggle "delete forever options" > "delete forever"
- Right to Restrict Processing - Give Varying Levels of Permission to personal information
- Right to Data Portability - Export People, Export Tags, Printing Contributions (also available for download), Attendance, Notes (sort export for pertinent information), Follow-ups, Forms, Volunteering (people tab > individual profile > volunteering > ctrl+p > save as pdf)
- Consent - enhanced features available through Marking Data as Private and Viewing & Restricting Private Data; Create consent forms
View Additional Documents Here:
Here's to achieving strong security goals together!
Understanding the General Data Protection Regulation (GDPR)
The General Data Protection Regulation, going into effect May 25, 2018, aims to provide greater transparency, protection and control to those living in the European Union as it relates to the processing of personal information. This regulation replaces the Data Protection Directives previously in place and provides consistent data privacy laws for all EU member states.
What is the territorial scope of the GDPR?
Any organization processing personal information of individuals living in the EU is subject to these regulations, regardless of whether the processing happens in the EU.
What information is protected under the GDPR?
The regulation applies to the processing of personal data by automated or manual means.
The processing of data refers to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, of personal data.
Personal data refers to any information relating to an identified natural person, or that can be used as an identifier of a natural person. Examples include: name, contact, identification numbers, gender, etc. In addition, special categories of personal information have been identified by the GDPR and require additional care and safeguards.
What are the Principles behind processing Personal Information under the GDPR?
- Organizations must show lawfulness, fairness and transparency in processing
- Personal Information should be collected for specified and legitimate purposes
- Information should be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- Information should be accurate and up to date, with inaccurate data erased or rectified without delay
- Kept for no longer than necessary based on original purpose
- Protected against unauthorized or unlawful processing, accidental loss, destruction or damage