Support for Insight and ChurchInsight users

How can we help you today?

Support > GDPR > Review and setup your required consent questions (GDPR)

Banner images-layered-1200px 3

The first question to ask yourself is ‘What consent do we need to ask people for?’ This all depends on how you interpret the new legislation and what you do with a person’s data. You are responsible for the data you collect, how you collect it, and what you do with it. It is your responsibility to make sure you are compliant with any legislation.

Do you need to ask people for their consent to hold their data? You need to determine a ‘lawful basis’ for processing data. For most churches, this will either be ‘legitimate interest’ or it will be that you have the person’s consent to use their data. Legitimate interest essentially means that you use personal data in a way that people might reasonably expect for the running of your church. If you need to use someone’s personal data in a way that they might not reasonably expect, then you need to gain their consent.

Please be aware that if you do nothing in regards to the guides in this GDPR section, nothing will change in your Insight site. Please read the guides and carry out the relevant actions as required.
 

Full Refresh Considerations

You may also decide that you wish to refresh the data in your site completely (for example, legitimate interest covers your church members, but your database may include people who aren’t church members). Obtaining consent could be part of that process. However, be aware that if you explicitly ask for consent to hold and use someone’s data in general, and they don’t provide it, then you must delete their data completely (from everywhere, not just Insight). So be careful how you word your consent questions – and you may want to consider having multiple consent questions for specific areas.

If you do plan on a full refresh, you'll need to have an active Consent under which you can send a Mailing (see following sections) but when contacts come to update their Consent, nothing should be pre-ticked. You can do this in one of two ways:

  1. Use the existing General Communication Consent (see below) to send the Mailing, then immediately clear this for all contacts
  2. Create a new General Communication Consent for use after May 25th, which is not set for anyone, and hide the current one. Send the GDPR Mailing using the current hidden one, and then delete it. If you have multiple Mailing Channels configured, you can move these from the old consent question to the new consent question before sending the mailing.

 

Changes to Mailing Channels


Mailing channels are an existing part of the Insight system, and allow your members to state their preferences for the type of the communications they want to receive from you.

However, they have always been default opt-in, which is no longer allowed by GDPR.

Mailing channels are now grouped under consent fields. The user has to have agreed to the overarching consent before they can receive communications through the associated mailing channels.

Under Site Settings > Users > Consent & Mailing Channels we have added two consent questions for you. These are:

Consent to hold data:

“I consent to my personal information being stored and used by {your organisation} for administration purposes. I understand that I can withdraw my consent at any time. Further information is available in the {your privacy policy}.”
 
We have added this consent question as an example of the sort of consent you might want to seek for some types of data processing. However, for many churches who are just maintaining records of members,  this won’t be necessary as you will consider that legitimate interest is a better lawful basis for holding the data. If this is the case then you can simply delete this field.

And

General Communication Consent:

“I consent to {your organisation} contacting me with updates. I understand that I can withdraw this consent at any time.”

With the General Communication Consent question you will see we have moved your existing mailing channels into it so that once someone has given their consent they can further refine how they receive your communications.

Consent Questions 1
Our new consent questions

You can edit each consent question and mailing channel by clicking on the pencil icon to the right of the screen. You can delete them by clicking on the red bin icon as well.

Using the + button in the bottom right hand corner of the screen you can add consent questions and mailing channels. Here are the instructions for adding them to your site.

Again, this consent question is an example of the sort of question you might need to ask. For many churches this will be sufficient as a general purpose consent to be contacted, but for larger churches or others that send out a wider range of mailings, it may be desirable to add further questions to provide better choice about the types of communications that your members would like to receive, and to ensure you have adequate consent for the ways that you want to use the data.

Consent Questions 2
Add, edit and delete consent questions and mailing channels

 
Adding a Consent Question:

Go to Site Settings > Users > Consent & Mailing Channels and hover over the blue + icon at the bottom right of the screen and select ‘Consent Question’. You can also use the blue tasks button at the top right and select the same task.

Consent Questions 3
Adding a consent question

1) Give the field a title:
The title isn't shown to your users, but is used to identify the field in listings

2) Keep it set to visible to users:
Uncheck this box to stop the consent field appearing to users. It will still appear to administrators in the web office. This is useful, for example, if you no longer want to collect this consent, but you want to keep a record of the consent you already have, or if you don't want to collect the consent online (e.g. because it is collected via a paper form)

3) Write your consent question:
Give details about what you are asking consent for. You can include links to further information (for example detailed terms and conditions), but this text should contain the important details about what the user is consenting to.

4) Click SAVE

 
Adding a Mailing Channel:

Go to Site Settings > Users > Consent & Mailing Channels and hover over the blue + icon at the bottom right of the screen and select ‘Mailing Channel’. You can also use the blue tasks button at the top right and select the same task.

Consent Questions 4
Adding a mailing channel

1) Give the channel a name

2) Give the channel a description

3) Group the channel under a consent question

4) If required, you can add an image for the mailing channel.

5) Select the available correspondence methods:
The available correspondence methods are the different ways a user can be contacted. Each user, with login access, can select their preferred correspondence method for each mailing channel.

6) Set the default correspondence method:
If the user doesn’t state a preference for this mailing channel, the default correspondence method is the one that is automatically selected for each user once they have given their consent to the parent consent question.

7) Click SAVE

 
Enabling Consent and Mailing Channels

Once you have configured your consent questions, you need to make sure they are seen and answered by people who sign up on your website.
To enable your chosen consent questions go Site Settings > Users > Registration Form.

You can set the consent section of the form to ‘Yes’ to request the information, and set if you want to list all consent fields, or to just add certain ones you want by choosing ‘Custom set of fields’.

Consent Questions 5
Enabling Consent and Mailing Channels

These consent questions will now appear on your registration form on your website.
 
Why would I not want to add all of them?

You may need to use different consent questions for the different way you hold and manage data for things like:
  • Profile editor module
  • Payment groups
  • Check-In
We have built consent questions so you can pick and choose the questions you need for all circumstances.


Following the GDPR Action Plan? Read the next guide Update your privacy policy