While most state privacy laws exempt non-profit organizations, it is a best practice for churches and faith-based organizations to have a privacy policy informing members about how their personal information is handled. It is especially important to note that faith-based non-profit organizations are not exempt from compliance with the General Data Protection Regulation (GDPR) —
A Resource for Privacy Developments and Cybersecurity Risks in an Era of Evolving Technology