GDPR consent

One of the key elements in GDPR is having consent from people to store their data.

iKnow Church will always store who recorded the consent, be it the person themselves, or someone authorised in the church. iKnow Church also always records the date and time that consent was recorded.

There are various ways for consent to be recorded.

If you are uploading a CSV of people then at the final stage there will be a tick box signifying that all these people have given their consent. This will then record that consent has been given for all people being imported. However if consent has not been given for everyone, this box should remain unticked. You will then be able to use our consent tools to ask for consent.

Acessing the GDPR tools

To access the GDPR section of iKnow Church, go to Settings and click on Data Manager. In the GDPR section, click Start.

Please note that some of the phrases may be different in your iKnow Church as they can be dictionarised. The term ‘Data Protection Officers’ is one of those dictionarised phrases.

Customising GDPR

As this is the first time we are setting up the Consent part of GDPR we can customise the email and text message that is sent out requesting permission.

To do this, click on Permission Request Email. This will then show the default text but you can customise it. Every email that is sent out requesting consent will contain the text you enter here.

You do not need to personalise the email as at the start iKnow Church will automatically add their name.

When you have finished making changes press Save.

To personalise the text message that is sent out in a similar way, click on Permission Request SMS. When you have made the change just press Save.

When clicking on Permission Request Web Page, you can customise the text that appears at the top of the Consent page. This should explain to the person what they need to do. We will go through this page in a moment.

Click on Data Protection Email Address to specify the email address from which consent emails should be sent. If someone replies to the email then it will go to this email address.

See who needs to give consent

At the top of the GDPR page we can see how many people have not yet given consent, click on View next to No Response Given to see who is in this list.

If someone on this list has given permission, click Give Permission and add any relevant notes. This will also record the identity of the person who entered that permission was given. This will be stored in the audit history.

Contact people who need to give consent

You can close this window and open the tool to send out an email or text message to everyone by clicking on Contact People who need to give permission.

iKnow prefills text that is entered in the Permission Request Email. There is no need to enter a greeting, as iKnow Church will automatically place the person’s first name at the top of the email. At the bottom will be the unique link for each person to click on to give or decline consent.

To send the email, use the iKnow Church Communication Suite and it will send out an email to everyone in this list. If there is anyone in the list who does not have an email address then iKnow will give the option to download a CSV with names and addresses.

Here is how the email will appear in the recipient’s inbox.

Granting Consent

They can then click on the link and it will take them to the consent page where they can Grant or Decline consent for their information to be stored by the church. If the person is responsible for any children under 13 then they will also be able to grant or decline consent for each of these children.

The recipient can click on Grant and then press Save and the permissions will be stored in iKnow Church along with the date and time.

See who has given consent

If we go back to iKnow Church and refresh the screen you will see the numbers have changed.

When you click on View next to People who have given Permission then we can see the name of the person to whom we just gave permission.

To see what this looks like within the main people module of iKnow Church, go to People and then click on the name name of the person who just gave permission and click the Data Protection tab. This will display a full audit history of who gave permission.

Children aged 13 and over

The GDPR requires that parents or guardians must give permission for organisations to offer an online service in order to hold or process the personal data of those under the age of 16. An online service can be anything from a search engine, to bespoke software like iKnow Church.

However, there is a provision within the GDPR for member states like the UK to lower this age if they see fit. In the UK, the ‘age of consent’ for allowing the storage of their own data is 13.

When the child reaches 13 they themselves need to give their own permission, as well as allowing you to keep holding the older data.

The GDPR tools in iKnow include the option for your church to contact anybody who will be turning 13 in the next 30 days. This is because, even if parental permission has been previously given, once someone reaches 13, they will need to give their own permission.

See who has Declined consent

Here is what happens if someone has declined permission for their information to be held. If someone has done this, then unless there is a legal reason for storing it, the persons information should be deleted.

For people who have not responded to the request for permission, you can go back to the Communication Suite and send out a second email, or a text message.