GDPR Resources

What is the ‘GDPR’, and what do we need to do about it?

Through its Parish Resources website, the Church of England offers two guides to help you: a two page overview (designed for use with PCCs) and a more detailed guide for the person implementing this in the parish.

There is also a checklist available which covers the actions outlined in the guides to help you monitor progress.

It’s helpful to start by carrying out a data audit (see below).

If you don’t already have the consent that you need to communicate with people, you’ll need to gather this. We’ve guidance and sample forms available for you to use here.

You will need to produce a Privacy Notice. If you have a website, it’s good practice to make this available online so people can access it. We provide a Sample Privacy Notice (see attached file below) that you can amend and adopt, and click here for some guidance on how you can write your own Privacy Notice.

Finally, whilst you will rely on consent for most of your communications, there will be some data processing you will want to do as part of normal church management for which you will not need to gain specific consent for that particular action – holding lists of group members, for example. This is covered by a special condition under the GDPR for religious not-for-profit bodies, provided the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without consent.

For up to date information and guidance from the Church of England keep an eye on the GDPR page here.

GDPR Data Audit

Click here for a link to the Church of England Parish Resource page giving guidance to help parishes get ready for and comply with the “General Data Protection Regulation”.

It’s helpful to start by carrying out a data audit – you may be surprised at just how much personal data is stored and processed around the parish.

A template for your use is available below.

12 Steps to Take Now

Information Commissioner's Office (ico.) guidance

This checklist highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR) which will apply from 25 May 2018.

For the PDF Download Click Here.


Life Events Ministry and GDPR

A Life Event service (the 'occasional offices' of baptisms or Christenings, weddings and funerals) is a wonderful opportunity to show the warmth of God’s love, and to welcome those who may not otherwise find themselves walking through the church doors. By carefully considering your approach to data protection, you can take advantage of these opportunities while ensuring safety and security for everyone involved.

For more information visit the Church Support Hub.

This reassuring video summarises the main points: