General Data Protection Regulation (GDPR)

The National Church has now published online resources to help you to comply with the new General Data Protection Regulation (GDPR).

GDPR will take effect in the UK in May 2018. It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations. Parishes must comply with its requirements, just like any other charity or organisation.

There are a number of actions that the PCC should take before the new regulations take effect in May 2018. 

Essentially parishes should do the following:

  • gather consent for outward communications of a marketing or fundraising nature.
  • Personal data should be adequate, relevant and not be more than is needed to complete the task for which it was collected. However, keeping records for historical and research purposes are a legitimate reason for keeping them
  • develop a privacy notice and to ensure they have procedures in place to manage requests from people about their personal data under GDPR.

    The Parish Resources website has the following useful links that you should read:

    Main GDPR page
    A brief guide to GDPR
    Simple check list
    A sample privacy notice
    FAQs and common myths

    Another useful site you could also look on is www.gdprforchurches.org.uk they offer practical advice on their website, but also offer GDPR Seminars (small cost involved) and free webinars