Frequently Asked Questions About ParishSOFT's Forget Feature

Do you have questions about the new Forget Feature and how it affects you? This topic presents answers to frequently asked questions we have received from customers.

General GDPR Information

On May 25, 2018 the European Union’s General Data Protection Regulation (GDPR) went into full effect. GDPR is a European regulation that addresses data protection and privacy for individuals located in and outside of the European Union.

GDPR only applies to records created while the family or member are residents of the European Union. Therefore, it is important to understand the following:

● If the family or member lives in the United States when the record is created and then move to a country that is in the European Union, GDPR rules do not apply.

● If the family or member has a part-time residence (like a vacation home) in a European Union country, but their record is created for their non-EU address and the EU address is later added, GDPR rules do not apply,.

The GDPR regulation has different levels or responsibilities for the data processors and the data controllers:

● ParishSOFT is considered a data processor. A data processor is loosely defined as a tool or application provider.

● Parishes and diocese are considered data controllers. Data controllers are owners of the data. As such, they are responsible for conforming to GDPR regulations.

ParishSOFT Forget Feature Frequently Asked Questions

The major focus of this legislation is to give individuals control over their personal data collected and stored by companies. A main focus of GDPR concerns the individual's right to be forgotten, which means the removal of all personal data upon request. Data controllers must make it easy for individuals to withdraw consent if they want to do so.

Why has ParishSOFT enabled GDPR features for all users of the Family Suite applications when the GDPR regulations do not apply to most ParishSOFT customers?

ParishSOFT made the decision to implement features and functionality in the Family Suite that help make it easier for our customers to comply with GDPR regulations. We believe that this is a world-class standard that we should support. Therefore, we have made these features available to all of our customers regardless of their physical location or place of business.

What if my diocese does not want to make the GDPR forget features available to any of the parishes in the diocese?

If a diocese does not want to make these features available to any of the parishes in the diocese, they should contact the ParishSOFT support team to discuss options available to manage the forget features designed to help them with GDPR compliance. There are some options that we can configure in the ParishSOFT Family Suite application to help match the application with the diocese workflow.

Does the Forget feature in ParishSOFT Family Directory delete family and member records?

No. The Forget feature actually entails an edit to the family and member records. The forget feature will remove individual data field values from the member record if it is allowed in the application edit interface. If data cannot be removed in the edit interface, the system will replace personally identifiable data with anonymous data such as GDPR.

What users have access to the GDPR Forget features in ParishSOFT Family Suite?

Users with Family Directory Add/Edit access rights have access to the GDPR forget features in the application. Because the Forget process edits individual data values and does not delete records (a.k.a. the whole family), the feature does not require Family Directory View + Delete access rights.

Can I recover a family or member record that I have forgotten by mistake?

No. The process is not reversible. The spirit of the GDPR regulation is to remove the data upon request by the family or member. Keeping copies of the data would not follow the spirit of the regulations.

Is the forget family or member feature the same as a deleting a family?

No. Deleting a family removes your parish or organizations relationship with the records and removes the data that is specific to your organization. Since many record values like family address can be shared in the ParishSOFT Family Suite with other organizations, deleting a record does not remove all of the data, so as to not remove data other organizations in the diocese may be relying on. Forgetting a record is actually removing the individual data values on the record where permitted by the application business rules. If the individual business rules are not permitted to be removed, they are change to protect the identity of the respective family and members.

Does forgetting records modify my parish sacrament records?

No. Sacrament records are one of the core values of the ParishSOFT Family Suite system. Therefore, the sacrament records are not edited by the Forget function. Your sacrament register data integrity is retained.

Does forgetting records modify my contribution and pledge data?

No. The actual financial records remain intact after the family or member is forgotten. This maintains the integrity of your financial records. Where the financial records linked back to the family or member record, the linkage is retained, but the family and member identifiable data has been removed.

Does forgetting records modify my Religious Education student records?

No. The student records stay intact after the related family or member records are forgotten. This does mean that you will not be able to seen the names or contact information for the students who were forgotten, but your data such as class roster, will still have accurate counts.

Will there still be representative family and member records in the system after I forget a family or members?

Yes. There will still be shells of the family and member records, but the data consists of personally identifiable information will be removed by the Forget process.

What is the purpose of the GDPR reports?

The GDPR reports are to "prove" that records were forgotten. In the event of an audit, the burden of proof for complying with a request to be forgotten is on the data controller. This report coupled with the inability to find a family or member by their identifiable information should provide proof that you removed their data from the system without destroying the core data systems around sacraments, contributions, and student records.

What happens when a parish forgets a family that is not registered at their parish?

The Forget process is only able to modify data that the current organization has access to, so it only modifies the fields that are under the organization's control. In the family record and Member Details, these fields are labeled in red text.