800-843-6054     Korean   Spanish
GDPR and International Ministry

GDPR and International Ministry

Alex Brown

Alex Brown

Alex Brown, Director, Marketing Communications
Alex Brown

Latest posts by Alex Brown (see all)

International Ministry and GDPRAny time we hear about big news in the world of secular business, we ask ourselves how, or if, it will affect our ministries. Big ministries with a marketing wing have probably heard about GDPR, but we thought we’d reach out to our friends over at Brotherhood Mutual’s Legal Assist to see what they had to say about how GDPR may affect ministries with an international presence.

General Data Protection Regulation

The General Data Protection Regulation (“GDPR”) is a new regulation designed to better protect the privacy of residents of the European Union (“EU”). The previous EU privacy regulation, the Data Protection Directive, was created in 1995 and effective until May 25, 2018. Compared to the Data Protection Directive, the GDPR is expected to better protect EU residents in this digital age where information can be spread far and wide at the click of a button.

How the GDPR May Affect Ministries

Ministries that were already in compliance with the Data Protection Directive may need to modify their practices to meet the heightened requirements of the GDPR. The GDPR regulates the use and processing of personal data of EU residents. Although protection is only afforded to EU residents, the broad definition of “personal data” has far-reaching consequences that will likely affect US companies, organizations and ministries. “Personal data” includes any information that can directly or indirectly identify an EU resident. This includes, but is not limited to, names, identification numbers, location data, or online identifiers such as an email address or IP address. If a ministry’s website allows visitors to provide their name, email address, or other personal data, that ministry may want to contact a locally licensed attorney regarding any potential new obligations under the GDPR. Similarly, ministries that collect personal information from EU residents in paper form may also want to review their information privacy practices with the assistance of an attorney. Because it may be difficult to discern whether a ministry is gathering information from an EU resident or an individual outside of the EU at any given time, ministries may want to take this opportunity to review their data collection practices for all individuals that interact with the ministry or its website.

Key Concepts of the GDPR

Although a couple key concepts of the GDPR are noted briefly below, ministry leaders are highly encouraged to review the GDPR in its entirely with the assistance of an attorney to determine what steps are necessary for each specific ministry to adequately protect the personal data of its EU visitors.


Although previous EU privacy regulations required an organization to obtain consent from an EU resident before collecting his or her personal data, organizations may need to revise their practices to meet the GDPR’s more strict definition of consent. Organizations must offer EU residents a genuine choice of whether they agree to share their personal data. The resident must consent by taking a clear affirmative action, meaning he or she must “opt-in” to sharing his or her personal data with the organization. This means that pre-checked opt-in boxes are likely not permissible under the GDPR. Additionally, organizations must provide EU residents with a right to withdraw their consent at any time, and the method for withdrawing consent must be as easy as it is to give consent.

Privacy Information

Under the GDPR, EU residents have a right to know various details about an organization’s use of their data, such as: exactly what types of personal data will be collected, the specific purposes the data will be used for, and who the data may be shared with in order to complete those purposes. For organizations with an online presence, this may require a review of privacy policies and terms of use to ensure that visitors are provided with adequate information regarding data collection and use. The GDPR also seems to give EU residents more control over the use of their personal data. For example, an EU resident may request that an organization delete all of his or her personal data once the purpose it was collected for has been fulfilled.


Lastly, it is important to keep in mind that organizations will be held accountable for both complying with the GDPR and demonstrating their compliance. This means that organizations should thoroughly document their data protection policies and practices and have procedures in place to periodically review them and confirm their adequacy. Larger organizations that regularly control or process a large amount of personal data may also need to appoint a Data Protection Officer to oversee the organization’s practices.

I hope this information is helpful. As noted above, the information provided here is only a brief introduction to the GDPR and ministries are highly encouraged to contact a licensed attorney to discuss whether their ministry needs to make any changes to their current data collection and privacy practices. In preparation for speaking with an attorney, ministry leaders might consider reviewing the resources provided by the official European Commission website.

Social media & sharing icons powered by UltimatelySocial