Data Protection Law and Your Church
From May 2018 it's a legal requirement for every church to conform to the General Data Protection Regulation, which dictates how you can use people’s personal data. Our Practical Services team have been exploring all the ins and outs of GDPR so that you don’t have to.
It’s the first morning of your church’s holiday club. Volunteers are buzzing around; parents and children are beginning to wander through the door. Excitement is mounting. You’re ready with your registration sheet to take names, addresses, phone numbers and dietary information so you can keep in contact with the family.
Or perhaps you’re looking through the new list of church members, updating addresses and phone numbers, trying to format it all.
But what do you do with the information you’re holding? How do you keep it? How do you make sure it’s safe? These questions will become even more important in 2018 when changes in data protection law come into force.
From 25 May 2018, the 1998 Data Protection Act will be replaced by the General Data Protection Regulation (GDPR).
This will mean changes for how your church handles personal information and it also means more consequences for you when information isn’t properly looked after. From May 2018 churches will have an even greater responsibility to care for the information that the mum from holiday club scribbled down on a registration form.
So what’s happening and what does it mean for your church? How can we love our church families and communities well as we seek to honour God in this? Here are some questions and pointers to get you thinking how to approach this positively.
Review your current procedures
What personal information does your church keep? Addresses, phone numbers, email addresses or members or other contacts? Who uses this information? How do you store it?
One the major changes which will come in with GDPR is how you get consent for the information you hold. Consent will need to be given clearly in a separate form. Do you have a process for this?
Storing information securely
How do you store the information you hold? If it’s paper copies, are they securely stored? If it’s stored digitally, is it encrypted? Who has access to the information?
GDPR will mean churches need to be more aware of securing information from any ‘data breaches’. Your church will be responsible for looking after the information that people trust you with.
Using information responsibly
Do you have someone who is responsible for data protection in your church? How long do you keep information for? Why do you keep it? Get thinking about how you can incorporate data protection in the planning level of all your events. Get used to factoring it into your planning and processes.
This may seem like a lot of information to take in, but don’t panic! We’ve done a lot of the thinking for you and you can read the details in this booklet. To help you implement these changes, we have produced a pack of model documents which are available for you to buy. This pack includes:
- Data protection policy and guidance
- Information security policy
- Draft privacy notice
- Retention of records policy
- Complaints process
- Audit checklist for compliance
- Breach procedure
It’s available to FIEC churches for £100+VAT and to non-FIEC churches for £150+VAT. Please email firstname.lastname@example.org if you would like to purchase it. You can also call on 01858 411569.
We hope this pack helps you to serve your congregations and communities in a God-honouring way as we navigate our way through these changes.
First published on 28/11/17 and last updated on 23/01/18.
This information has been provided by solicitors working for Edward Connor Solicitors. It is designed for the purpose of knowledge sharing only and does not constitute legal advice.
Edward Connor Solicitors is a registered charity (charity number 1175305) and a company limited by guarantee registered in England and Wales (company number 10821224). Its registered office is at 39 The Point, Market Harborough, Leicestershire LE16 7QU. It is registered for VAT (number GB 277792346). It is authorised and regulated by the Solicitors Regulation Authority (number 640691).