Data Protection for Churches & Non-Profit-Organisations

15+ years of legal practice in data protection

Award winning legal practice in Germany

Clients in over 35 countries

Data protection in the Catholic and Protestant church

The secrecy of confession is a law that protects people’s data. This law is very old, and it is still in effect today. Data protection law has evolved a lot since the 4th Lateran Council in 1215. Nevertheless, both the Catholic and Protestant churches still have special provisions that take precedence over the GDPR. This is because the churches have the right to regulate their own internal affairs.

Even though the churches have these special provisions, they have both chosen to use the "third way" in labor law and data protection law. This means that there is a Church Data Protection Act (KDG) in the Catholic Church, and a Data Protection Act of the Protestant Church in Germany (DSG-EKD) in the Protestant Church.

Our data protection services for you:

Data Protection for churches and NPOs

Data protection for non-profit organizations and associations

Like churches, non-profit associations and organizations also enjoy a variety of special benefits, such as tax privileges. However, they do not receive preferential treatment when it comes to data protection law. Like any company, non-profit associations and organizations require a legal basis for all data processing. Furthermore, these entities must comply with the same data protection regulations as other organizations.

To ensure compliance with data protection laws, non-profit associations and organizations should designate a Data Protection Officer (DPO) to manage their data privacy program. The DPO should have relevant expertise in data protection law, which may include training or certification from international institutions. The DPO should be informed of all changes in data protection law and regulations, and must take appropriate measures to protect the personal data gathered by the organization. They should also regularly audit any processes that involve the collection and processing of this data.

Understanding data protection for NPOs

Non-profit associations and organizations must also ensure that they understand exactly how their members’ personal data will be used. Any data processing must be explicitly outlined in their internal data protection policies and communicated to members. Furthermore, organizations should use appropriate technical and organizational measures to ensure the security of the personal data they collect and process. This may include implementing encryption technologies for sensitive data, as well as adhering to best practices like data minimization and pseudonymization.

Finally, non-profit associations and organizations must stay informed on any data protection developments in their jurisdiction. They should ensure that they are familiar with all relevant regulations – including the General Data Protection Regulation (GDPR) – and that they remain compliant at all times. With a thorough understanding of data protection law and best practices

Group Data Protection Officer

Do you need an External Data Protection Officer?

Five steps to full service compliance:

Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.

We conduct a data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.

Document the current data protection status and define further required actions if necessary.

We carry out all necessary measures identified during the data protection audit.

Designation as External data protection officer and on-going consultation starting from day 1.

Our service to you

How our data protection lawyers help churches

Top 5 Law Firm in Germany

At KINAST Attorneys at Law, we have a great deal of experience with data protection law for churches. We can provide comprehensive advice to dioceses, associations, corporations, foundations, and other church institutions on all aspects of data processing within the organization and in relation to employees and members. We also examine data flows to private or public bodies.

In addition, we can provide external data protection officers for ecclesiastical organizations, who must be appointed in accordance with § 36 Para. 1 DSG-EKD, or § 36 Para. 2 KDG, if at least ten people are entrusted with the collection, processing or use of personal data – or if the core activity of the responsible body consists of the extensive processing of special categories of personal data.

Church institutions face different regulatory challenges than secular organizations when it comes to data protection. That’s why we offer a concept for resource-saving data protection management that has been developed and proven over the years. Contact us anytime to discuss a tailored solution for your organization.

Legal focus on non-profit associations and organizations

At our company, we support non-profit associations and organizations with data protection. This includes checking the legal basis for data processing and correcting it if necessary. In the case of associations, this is usually the membership contract in combination with the association’s articles of association or a separate consent.

It is very important that all members receive information about data processing. Anyone who has access to sensitive data of members in associations and non-profit organizations must commit themselves to data secrecy (§ 53 BDSG). Furthermore, there are some topics that are relevant to data protection which we handle, such as using social media, recording working hours, online training or video surveillance. We also make sure that legal certainty is guaranteed when designing your own website.

Your data protection experts for the Churches & Non-Profit branch

Our legal teams help get churches and non-profit organisations on the right track to data protection and compliance

Our team has a wide range of experience as consultants for churches, non-profit organizations and associated connections. We know how to handle the interfaces between data protection law and social law. And we ensure verifiable legal compliance, which will sustainably strengthen the competitiveness of your organization and minimize risks for associations and their employees (including volunteers). Please feel free to contact us for a non-binding consultation.

Find out more about our individual legal services

Data Protection

Our Lawyers act as External Data Protection Officers (DPO) for small and medium-sized companies, associations, institutions and international corporations.

Working alongside a DPO, our Data Protection Managers help to implement data protection guidelines and ensure orderly and up-to-date documentation of your GDPR compliance.

Regular data protection audits ensure that your business continues to process and store personal data in a manner that’s compliant with ever changing data protection laws.
