Data Protection: Parishes and the ‘GDPR’
The General Data Protection Regulation (GDPR) has now replaced the previous law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations. Parishes must comply with its requirements, just like any other charity or organisation.
All parishes use personal information to carry out their many functions supporting the mission and ministry of the Church of England. Legislation requires and sometimes empowers individual parishes to provide goods and services to the wider Church.
They collect a wide range of personal data required for or incidental to the discharge of its functions, involving employees, clergy, pensions, housing, public consultations, recruitment and appointment etc. The Diocese of Liverpool will endeavour to ensure that each parish uses personal information in line with the expectations and interests of those with whom they come into contact, including their employees, officeholders and customers, for the benefit of the Church and wider community and in compliance with data protection legislation.
In this section, we will aid parishes in good Data Protection practices and record-keeping.
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation is a stronger version of the Data Protection Act which we are already legally obliged to comply with. It takes into account the massive changes in technology since the Data Protection Act was introduced in 1988. The GDPR enhances and strengthens an individual’s rights.
All parishes and clergy must comply with GDPR. As soon as you gather information – on an electoral roll or mailing list for instance – then you need to comply. The GDPR does not prevent you from holding data provided you treat it responsibly.
You will need to comply if you hold information that can identify a person by reference to any of these things
- Name
- An identification number
- Address
- Email address
- Sensitive personal data (health, sexual orientation)
Our Data Protection Adviser
For any advice or support from our diocese contact Pamela Ambrose Pamela.ambrose@liverpool.anglican.org
Managing people’s records responsibly
Parishes and worshipping communities keep data and information about people. Typically you will have information about
- Details of parishioners – particularly those on the electoral roll
- Information about those who give money to your church community
- Information about people asking for baptisms, weddings or funerals
You may also have information about a wider group of people you wish to contact for fundraising purposes.
It is right for you to have that information but you have a responsibility to manage it sensibly. So whether you store it on a computer or in a filing cabinet you must comply with the law. And that law is the General Data Protection Regulation (GDPR)
Advice on complying with the GDPR
We recommend that you visit the Parish Resources website and follow the national church’s advice on complying with GDPR. You can find this at
www.parishresources.org.uk/gdpr
The Information Commissioners Office (ICO)
The Information Commissioner is the person appointed by the government to regulate GDPR.
You can find their guides for organisations on their website https://ico.org.uk/for-organisations/
Our Data Protection Adviser
For any advice or support from our diocese contact Pamela Ambrose
Pamela.ambrose@liverpool.anglican.org