Thanks to GDPR and the so-called ‘right to be forgotten’ many churches are aware of the need to form policies for data erasure. As you formulate your policies you should think about how they will be executed on Klemi.
A few points to bear in mind:
- Like all modern data systems Klemi is built on a relational database. That means if you delete a member record, functionally speaking all data for that individual is erased because any role information or rota information etc. can no longer be related to that person, and therefore ceases to be meaningful
- You need to be clear that whilst the GDPR gives individuals the right to request their data be erased, there may be other factors which allow you to retain data on them or even require you to retain data. For example, a member may have been involved in your youth work:
- They have a youth work role associated with them, and/or;
- They appear in youth registers.
- At the current time (Apr 2019) recommendations within the Chuch of England are for this kind of data to be preserved for a long time, sometimes up to 75 years after the event. See here for example – pages 4.44-4.48 and here section 8.5, pp17-18.
- You cannot both preserve such information and delete records of members which feature there.
- You might therefore want to differentiate your deletion policy
- When should member records be deleted? (e.g. when there is no associated rota or role information)
- When should only address / contact information be deleted but not member records? (this would ensure key personal information was properly ‘forgotten’ but you were still compliant with best practice on keeping records.