DCLM Privacy Policy
A comprehensive data protection policy drafted to align the ministry's global digital presence with the Nigeria Data Protection Regulation (NDPR) and international standards.
01. The Problem
The ministry needed to formalize how member bio-data, church records, and career information are collected and processed across various platforms (Web, Mobile, and Portals) while ensuring legal compliance.
02. The Logic
Categorized data into three main silos: Bio-data, Church data, and Career data.
Established a 'Super Admin' hierarchy with restricted access for Zonal, State, and Group Pastors.
Integrated 'Data Sanitation' protocols for secure storage on AWS and Microsoft Azure.
Mapped user rights including the Right to Rectification and the Right to Erasure (Data Portability).
03. The Stack
04. The Solution
Implementation Result
Drafted a layered privacy notice that clearly defines the 'Data Controller' responsibilities, transparency in third-party sharing, and the appointment of a Data Security Lead (DSL).
Key Outcomes
- 01.Improved compliance alignment with NDPR/GDPR for the DCLM Members Portal.
- 02.Implemented secure authentication protocols for all organizational data roles.
- 03.Standardized data collection forms across global regions (Nigeria, UK, Finland).
Reflection
- Balancing religious community needs (pastoral care) with strict data privacy requires a nuanced approach to 'Sensitive Personal Information'.
- Role-based authorization is the most effective way to manage decentralized church administrative structures.