Jump to content
JWTalk - Jehovah's Witnesses Online Community

Hourglass App and the GDPR


Recommended Posts

Seeing as the original thread, voicing the poster's concern, was closed (https://jwtalk.net/forums/topic/24844-hourglass-app/) I have started this new one.

The new European Data Protection Law comes into play this Friday (25th May 2018) so ALL companies and individuals who hold data about European citizens have to comply by this date.

 

My concern with Hourglass is that it holds what the Spanish Data Protection Agency (AEPD) classes as Super-protected data: sex, telephone numbers, personal address etc etc. This would be fine if it was stored on the secretary's own computer with adequate protection or on JW's own servers (this is in the works with the new Publisher ID program) but it is stored on Jon Snyder's server.

 

What happens if he were to get disfellowshipped or leave the organisation for whatever reason? That's a heck of a lot of personal data he has access to. Plus, the majority of brothers and sisters aren't aware that he even HAS their data as it is the congregation secretaries who input it all. I don't have an account for example with him but my data is in his program because our secretary uses it. That's a breach of the GDPR right there as I never gave my consent. Plus there is no way to delete your data unless you have a personal account with Hourglass. Breach number two. For every person he has stored in his database, he has to by law, send them an updated consent form explaining how he will use their data, for how long for, in what format and inform them of their right to access, modify, oppose or delete their data. he has not done this, breach number three.

 

What's all the fuss?,  you might be asking. The fact that our organisation is getting the GDPR forms filled out ASAP shows you they mean business as hefty fines abound for non-compliance. Even though CCJW is based in America, they hold data on European citizens so they have done their due diligence and rolled out these forms. If it was a trivial matter, then they wouldn't have bothered.

 

So brother Joao from Portugal raised a legitimate concern two years ago that is even more relevant today.

 

Last of all, here is a list of the fines for non-compliance:

Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:

  • The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9
  • The data subjects’ rights under Articles 12-22
  • The transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49
  • Any obligations pursuant to Member State law adopted under Chapter IX
  • Any non-compliance with an order by a supervisory authority (83.6)

 

The value of the fine to be imposed is not clear-cut and the behaviour of the organisation will be taken into account when determining the value of the fine. This means that organisations certainly have the opportunity to influence the reduction of any fines by acting to fully comply with the Regulation. This includes promoting a culture of data protection and being able to show the steps taken to comply. Organisations that proactively report breaches will be given more credit, showing that the intention and attitude of a company will be considered.


Edited by Stoffer

Additional info on the fines
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

About JWTalk.net - Jehovah's Witnesses Online Community

Since 2006, JWTalk has proved to be a well-moderated online community for real Jehovah's Witnesses on the web. However, our community is not an official website of Jehovah's Witnesses. It is not endorsed, sponsored, or maintained by any legal entity used by Jehovah's Witnesses. We are a pro-JW community maintained by brothers and sisters around the world. We expect all community members to be active publishers in their congregations, therefore, please do not apply for membership if you are not currently one of Jehovah's Witnesses.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

JWTalk 22.12.4 (changelog)