From 25 May 2018 data protection law will change significantly with the introduction of the General Data Protection Regulation
The National Church have prepared very useful guidance to help PCCs in their compliance with the new law. This contains samples and templates for some documents which will be required under the new law.
The guidance can be found on thie Parish Resources website.
Training events for clergy and parish officers are being planned for early 2018. The details of how to book will be publicised soon.
All parishes collect data. That data should be held in accordance with the 8 principles which are set out in the Data Protection Act 1998.
These principles are:
1. Personal data shall be obtained and processed fairly and lawfully.
2. Personal data shall be obtained only for specified and lawful purposes and shall not be used for any other purpose.
3. Personal data should be adequate, relevant and not be more than is necessary to complete the task for which it was collected for. However, keeping records for historical and research purposes are a legitimate reason for keeping records.
4. Personal data shall be accurate and, where necessary, kept up-to-date.
5. Personal data should not be kept for longer than is necessary for completion of the task it was collected for.
6. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection legislation.
7. Personal data should be kept securely and safely with appropriate technical and organisational measures being taken against unauthorised or illegal processing, accidental loss or destruction of personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country ensures an adequate level of protection of the rights of data subjects.
To assist those who work with data to adhere to these principles it is recommended that each Parochial Church Council (PCC) have a Data Protection Policy and appoint a Data Protection Officer. The content of the policy is for the PCC to determine. We have a suggested template, which could be used to assist PCCs in forming a policy - Template
Every organisation which processes personal data in an electronic form is required by law to register with the Information Commissioner's Office (ICO). There is an online self assessment, which may help to determine whether that is the case - ICO self-assessment
The ICO website also contains helpful guidance on complying with Data Protection law.
Over time, PCCs acquire a great deal of records. The National Church have prepared guidance on retention of these files - Keep or Bin?
For more information please contact Nathan Whitehead
Did you find what you were looking for or have any comments?