Lavender Lavender

Data Protection and Parish Records

The ICO website also contains helpful guidance on complying with Data Protection law.

Data Protection and the GDPR 

From 25 May 2018 data protection law changed significantly with the introduction of the General Data Protection Regulation (GDPR). The purpose of this page is to assist clergy and parish officers in their compliance with data protection legislation.

If you are seeking information on how the diocese complies with data protection legislation, please visit this page - Data Protection and Privacy

All parishes process personal data. 'Processing' is a term which covers all possible uses of personal data, obtaining, sharing, storing, deleting etc. Personal data should be processed in accordance with the principles which are set out in the GDPR.

Detail on these principles can be found here.

To assist PCCs to adhere to these principles it is recommended that each Parochial Church Council (PCC) have a Data Protection Policy, Privacy Notice and Written Procedures. It is also recommended that they appoint someone or a small group to lead on Data Protection issues and consider how the PCC complies with the law. Even though PCCs are not obliged to have a Data Protection Officer they will need someone to oversee the work and assist with compliance. There are two template policies listed below which are based on templates offered by the National Church. Please bear in mind that they are only templates and therefore consideration needs to be given as to what is appropriate in each context. If adopted each PCC would be responsible for reviewing their own documents and keeping them up to date. 

Should the PCC need to conduct a Data Protection Impact Assessment (DPIA) please use the template offered by the ICO which can be downloaded here

The National Church have prepared very useful guidance to help PCCs in their compliance with the GDPR. This contains samples and templates for some documents which will be required under the GDPR.

The guidance can be found on the Parish Resources website.  

Please refer to this website from time to time as the material on it is being updated periodically.  

Data Controllers need to pay an annual fee to the ICO, unless they are exempt. There is an online self assessment, which may help to determine whether data controller is exempt - ICO self-assessment

The ICO website also contains helpful guidance on complying with Data Protection law. 

Slides from the Area Data Protection Training events can be downloaded here.

Parish records

Over time, PCCs acquire a great deal of records. The National Church have prepared guidance on retention of these files - Keep or Bin?

For more information or to report anything wrong with this page please contact Nathan Whitehead