Does WELS have any policies or guidelines for how its congregations or affiliated organizations are supposed to handle personal data of their members or people whom they are in regular contact with? There are especially a couple of practices I've noticed in some congregation (not necessarily WELS) that some people find objectionable: 1) Demanding that people who participate in certain activities as a prerequisite accept to have their photos etc. appearing in various "promotional material" on social media or church websites. 2) Revealing personal information on individuals in prayers or prayer requests that are broadcast in video or audio, and thus accessible to a larger audience.
There are no synodical guidelines or policies to which I can point you. Church insurers do make available to churches information on risk management and privacy issues. It is important for churches to review that information and follow procedures that are outlined.
In addition, it is wise for churches to retain legal counsel to assist with these and other matters.
You might be interested in a recent blog by WELS’ Chief Technology Officer that addressed questions about the European Union’s General Data Protection Regulations. This link will take you to that blog.