Maintain privacy & confidentiality

Making It Easier > Making it easier to... > Serve on a PCC > Maintain privacy & confidentiality

As a public body and a charity, your PCC has a responsibility to keep your members' personal information private and confidential. We expect all parishes to abide by the principles of Data Protection

Managing people's records responsibily
Parishes and worshipping communities keep data and information about people. Typically you will have information about:
  • Details of parishioners - particularly those on the electoral roll
  • Information about those who give money to your church community
  • Information about people asking for baptisms, weddings or funerals
You may also have information about a wider group of people you wish to contact for fundraising purposes.

It is right for you to have that information but you have a responsibility to manage it sensibly. So, whether you store it on a computer or in a filing cabinet, you must comply with the law - the General Data Protection Regulation (GDPR).
The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a stronger version of the Data Protection Act with which we are already legally obliged to comply.

It takes into account the massive changes in technology since the Data Protection Act was introduced in 1988. GDPR came into force on 25th May 2018 to enhance and strengthen an individual’s rights.

All parishes and clergy must comply with GDPR. As soon as you gather information – on an electoral roll or mailing list for instance – then you need to comply. The GDPR does not prevent you from holding data provided you treat it responsibly.

You will need to comply if you hold information that can identify a person by reference to any of these things
  • Name
  • An identification number
  • Address
  • Email address
  • Sensitive personal data (health, sexual orientation)
Advice on complying with GDPR
Church of England guidance

We recommend that you visit the Parish Resources website and follow the national church's advice on complying with GDPR.

The Information Commissioner's Office (ICO)

The Information Commissioner is the person appointed by the government to regulate GDPR. You can find their guides for organisations on their website.

Our Data Protection Adviser

For any advice or support from our diocese email Brenda Edwards

Making it easier

Useful resources

Information Commissoner's Office (ICO)
For general advice about data protection and the 1998 Act.

Care of Records - Church of England
Useful information for the care and upkeep of parish records.

Clergy Privacy Notice