28 March 2023


Training for members and lay employees/collaborators who process personal data is not just a bureaucratic issue

The European Privacy Regulation No. 679/2016 (GDPR), as well as the General Decree of the Italian Bishops’ Conference (“Dispositions for the protection of the right to good reputation and privacy”) (General Decree) have introduced mandatory training for all members and collaborators of religious Institutes, Institutions and Congregations and provide heavy penalties for those who do not comply. What are the impacts and the opportunities resulting from the Regulation? How to implement a privacy training program?

The General Decree has reinforced the importance of privacy training within Religious Institutes, making it a mandatory security measure for all members and collaborators and not only for specialized figures such as the Data Protection Officer (DPO). Failure to provide privacy training is considered a violation of the law and is subject to administrative and disciplinary sanctions.

In case Religious Institutions also run economic or commercial activities, such as hospitals, schools, hotel facilities, or others, such activities are directly subject to the GDPR and the sanctions provided therein, and therefore it is no longer a matter “only” of administrative and disciplinary sanctions, but of pecuniary sanctions and heavy fines as well that can be imposed by the Italian Data Protection Authority.

The GDPR and the General Decree: what has changed?

With the entry into force of EU Regulation No. 679/2016 and the subsequent issuance of the General Decree, the importance of training with respect to data protection matters has received a new boost and has been made mandatory at all levels, including for religious entities.

With the new regulation introduced by the European Union and the Italian Bishops’ Conference, the rules regarding the processing of personal data have been reordered and has already led, in the last few years following their enactment, to numerous variations and changes in terms of their application in practice.

Privacy training: why is it so important?

Training should not be seen as mere bureaucratic compliance, but rather as an opportunity for religious institutions to make their members and operators aware of the risks involved in data processing and relevant security measures.

Indeed, the GDPR emphasizes “accountability” for all those who process personal data. This concept refers to the adoption of responsible, trustworthy conduct that demonstrates awareness of the importance of personal data protection measures.

For this reason, many Institutes are planning online and in-person training courses aimed at raising awareness among members and lay personnel about the value of personal data protection as a collective right and the right of the believer as an individual, as well as about the conscious and responsible use of technologies such as the Internet and e-mail.

How the training courses are conducted

Privacy training courses should have an interdisciplinary slant, with sessions on both legal matters and IT, on the organizational profiles of the Institute, the Entity, the Congregation, the Generalate, the Province, or related economic/commercial activity.

The objective is to enhance the understanding of all members and collaborators of the general and specific risks related to data processing, existing measures, as well as responsibilities and sanctions.

Today these are prerequisites for working within any kind of religious organization, so religious entities and institutes must commit to planning a training path and plan for their members and collaborators as soon as possible.

At the end of the training course there must be final tests and continuous refresher sessions shall follow in light of any regulatory changes.

Finally, it is very important that the training tracks are tailor-made, so the regulatory needs, the specific structure, target audience and priorities of the individual Institute must be examined and identified, as well as the purpose and mode of delivery (classroom or online) of each session.

Contact us to find out about DIKAOIS Training Courses and download the brochure here: DIKAIOS TRAINING COURSES GDPR 2023



Sign up to receive updates

We periodically send articles and communications of interest to Religious Congregations. Furthermore, we invite our members to all the free events we organize.

Our blog

The latest news

Articles that delve into topics of interest to Religious Congregations, written by our experts.

28 March 2023


Training for members and lay employees/collaborators who process personal data is not just a bureaucratic issue The European Privacy Regulation No. 679/2016 (GDPR), as well as the General Decree of...

Read more
2 November 2022


Religious Congregations are rethinking the management of their administrative burdens in a way that allows them to focus on their particular charisma and mission *** Provinces, houses and institutes...

Read more
28 October 2022

Data Privacy Obligations and Religious Congregatio...

Is your entity a Data Controller, a Joint Controller or a Data Processor?   Why does this question matter to Religious Institutes? In summary, a “Controller” is an entity that, alone or ...

Read more

Via Valadier 44 00193 Roma • info@dikaios.international

All rights reserved © Copyright 2023