Data Protection and the GDPR
NEW - slides from the Area Data Protection Training events can be downloaded here.
From 25 May 2018 data protection law changed significantly with the introduction of the General Data Protection Regulation (GDPR).
The National Church have prepared very useful guidance to help PCCs in their compliance with the GDPR. This contains samples and templates for some documents which will be required under the GDPR.
The guidance can be found on thie Parish Resources website.
Please refer to this website periodically as the material on it is being update on a regular basis. Most recently an FAQs document has been added and specific guidance on fundraising events and giving reviews have also been added.
All parishes process personal data. 'Processing' is a term which covers all possible uses of personal data, obtaining, sharing, storing, deleting etc. Personal data should be processed in accordance with the principles which are set out in the GDPR.
Detail on these principles can be found here - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/
To assist PCCs to adhere to these principles it is recommended that each Parochial Church Council (PCC) have a Data Protection Policy, Privacy Notice and Written Procedures. It is also recommended that they appoint someone or a small group to lead on Data Protection issues and consider how the PCC complies with the law. Even though PCCs are not obliged to have a Data Protection Officer they will need someone to oversee the work and assist with compliance.
It is still possible to register as a Data Controller with the Information Commissioner's Office (ICO). There is an online self assessment, which may help to determine whether the PCC needs to register - ICO self-assessment
The ICO website also contains helpful guidance on complying with Data Protection law.
Over time, PCCs acquire a great deal of records. The National Church have prepared guidance on retention of these files - Keep or Bin? .