Processing of personal data by the Church and religious associations

Churches and religious associations process personal data of their parishioners, such as names, addresses, telephone numbers and other sensitive personal information. This data is necessary to ensure the smooth running of their activities, such as administering the sacraments, collecting and managing donations and organizing religious events.

Article 91 of the GDPR provides a special framework for the processing of personal data by churches and religious associations, recognizing the importance of such processing for the exercise of religious freedom. In this respect, the GDPR allows churches and religious associations to process personal data in compliance with general data protection principles and conditions.

Thus, the church and religious associations may process personal data for religious purposes, such as administering the sacraments, organizing religious services and events, managing donations and communicating with parishioners.

To protect parishioners’ personal data, the church and religious associations must implement appropriate security measures. These include encryption of personal data, restricted access to personal data, access controls, proper authentication and secure storage processes.

The theory is good, but what about the practice? Because, a common practice is this kind of communication by priests, which is at odds with the requirements of personal data security.

Want more information about GDPR compliance? Call us now