The Community Dialogue Toolbox

Step 8:
Be mindful of privacy and GDPR

In order to make even one dialogue you will have to collect and process personal data of your participants - which means your activity falls under GDPR.

What more, if you do ask questions about personal views, political opinions or religious beliefs you are collecting sensitive personal data which need to be additionally protected. GDPR compliance is an important issue when doing dialogues.

Get a lawyer

We strongly recommend that you seek legal advice from the very beginning. Legal services are expensive but there are firms willing to do pro-bono work for people doing needed social work. Doing a GDPR compliance audit later on will impose a lot of work on your organization and could lead to you losing valuable participant data. Having it set up properly from the start will make your recruitment smoother.

Participants’ data, photos and videos need to be handled with great care and in compliance with GDPR rules, in line with the implementation laws in your country. Being a CSO does not relieve us from the demands of privacy protection - we are actually trusted more than businesses hence there is a higher expectation that we will fully respect data protection rules.

What you will need:

A privacy policy – this document states how you collect and process personal data on your website in general.

Consent to process data under your dialogue registration form – these should include all purposes or processes that you will use participant data in, such as registering them, choosing them, contacting before and after the dialogue, possibly sending post-dialogue materials or newsletters.

Consent to make and publish photos or videos – if you make pictures of your participants or record dialogues, you have to seek permission ahead. You also need a clear permission to publish those if photos or videos are to appear in your publications, on your website or social media channels.

Data processing agreements – those are contracts stipulating what your employees (ex. colleagues on your dialogue team) and contractors (ex. Zoom) are and aren’t allowed to do with the data you collect.

Consider a CRM

To make the management of consents easier it is useful to connect your registration forms to a basic CRM system. Then you can keep track of your participants and know whose data you are authorized to have and whose needs to be deleted. Some of this management can be automated. When organizing offline dialogues you are also obliged to collect consent for data processing and photography.