logo

General Data Protection Regulation (GDPR)


The National Church has now published online resources to help you to comply with the new General Data Protection Regulation (GDPR).

GDPR will take effect in the UK in May 2018. It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations. Parishes must comply with its requirements, just like any other charity or organisation.

There are a number of actions that the PCC should take before the new regulations take effect in May 2018. 

Essentially parishes should do the following:

  • gather consent for outward communications of a marketing or fundraising nature.
  • Personal data should be adequate, relevant and not be more than is needed to complete the task for which it was collected. However, keeping records for historical and research purposes are a legitimate reason for keeping them
  • develop a privacy notice and to ensure they have procedures in place to manage requests from people about their personal data under GDPR.

The Parish Resources website has the following useful links that you should read:

Main GDPR page
A brief guide to GDPR
Simple check list
A sample privacy notice
Diocesan privacy notice
FAQs and common myths

Another useful site you could also look on is www.gdprforchurches.org.uk they offer practical advice on their website, but also offer GDPR Seminars (small cost involved) and free webinars

A sample Data notice for a PCC Secretary and Clergy is available here

Gloucester Diocese have also created a very helpful FAQ page which they have said we can use and you can find that here