Masonic data falls under the category of sensitive data as defined by the GDPR. Article 9 generally prohibits their processing, except in strictly defined cases — including associations of a philosophical character processing data relating to their own members.
Concrete obligations
- Designate a data protection officer
- Maintain a processing register
- Guarantee hosting within the European Union
- Allow each member to exercise their rights (access, rectification, deletion)
A WhatsApp group or shared Google Drive meets none of these requirements.
My Lodge and GDPR
My Lodge was designed from the outset in compliance with these obligations: hosting exclusively in France (OVHcloud), encryption of data at rest and in transit, no advertising or data resale, and a GDPR data processing agreement available on request for Obediences.