The General Data Protection Regulation is a stronger version of the Data Protection Act which we are already legally obliged to comply with. It takes into account the massive changes in technology since the Data Protection Act was introduced in 1988. The GDPR enhances and strengthens an individual’s rights.
All parishes and clergy must comply with GDPR.
As soon as you gather information – on an electoral roll or mailing list for instance – then you need to comply. The GDPR does not prevent you from holding data provided you treat it responsibly.
You will need to comply if you hold information that can identify a person by reference to any of these things
An identification number
Sensitive personal data (health, sexual orientation)