GDPR Compliance Overview

Introduction

Emily Helps is committed to protecting the privacy and personal data of all users in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This documentation outlines our approach to GDPR compliance and how we handle personal data within our parish management system.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union, regardless of where the organization is based.

Key Objectives

Protect Individual Rights: Ensure individuals have control over their personal data
Standardize Regulations: Create uniform data protection rules across the EU
Increase Accountability: Hold organizations responsible for data processing activities
Enhance Transparency: Require clear communication about data processing practices

Our Commitment

Emily Helps is built with privacy and data protection at its core. We implement:

Privacy by Design: Data protection is integrated into every feature and process
Privacy by Default: Only necessary data is collected and processed
Transparency: Clear communication about what data we collect and why
User Control: Tools for individuals to exercise their data rights
Security: Robust technical and organizational measures to protect data

Scope of Application

GDPR compliance applies to:

Personal data of parishioners and community members
Staff and volunteer information
Sacramental records and church registers
Communication and contact information
Any other personal data processed through Emily Helps

Key Compliance Areas

Our GDPR compliance framework covers:

Data Protection Principles - Core principles governing data processing
Legal Basis for Processing - Lawful grounds for processing personal data
Data Subject Rights - Individual rights under GDPR
Data Security - Technical and organizational security measures
Data Retention - How long we keep personal data
Data Breach Management - Procedures for handling security incidents
Privacy by Design - Building privacy into our systems
Data Processing Agreements - Contracts with data processors
Email Provider Comparison - GDPR-compliant email service selection
Google Workspace GDPR - Comprehensive Google Workspace compliance guide

Roles and Responsibilities

Data Controller

The parish or diocese using Emily Helps acts as the Data Controller, determining:

What personal data is collected
Why it is collected
How it is used
How long it is retained

Data Processor

Emily Helps acts as a Data Processor, processing personal data on behalf of the parish according to documented instructions.

Data Protection Officer (DPO)

Organizations may need to appoint a DPO if they:

Are a public authority
Engage in large-scale systematic monitoring
Process special categories of data on a large scale

Getting Started

To ensure GDPR compliance when using Emily Helps:

Review all sections of this documentation
Assess your data processing activities
Document your legal basis for processing
Implement appropriate security measures
Train staff on data protection procedures
Monitor compliance regularly

Questions and Support

If you have questions about GDPR compliance or need assistance:

Review the detailed documentation in each section
Contact your Data Protection Officer
Reach out to Emily Helps support team

Privacy by Design - Building privacy into our systems
Data Security - Technical and organizational security measures
Data Retention - Data retention policies and schedules
Email Provider Comparison - GDPR-compliant email service selection
Google Workspace GDPR - Comprehensive Google Workspace compliance guide
Architecture Documentation - Technical architecture and compliance

Last updated: October 2025