13/10/2017

Get ready for the General Data Protection Regulation

Parishes need to think about the personal data they hold and come up with a plan of action so you comply with the regulation which comes into force on May 25th 2018.

Clergy and PCCs need to make preparations for the General Data Protection Regulation (GDPR) which comes into force on May 25th 2018. And the best way to start is to follow our simple steps.

The General Data Protection Regulation is a stronger version of the Data Protection Act which we are already legally obliged to comply with.  It takes into account the massive changes in technology since the Data Protection Act was introduced in 1988. The GDPR enhances and strengthens an individual’s rights.

All parishes and clergy must comply with GDPR. As soon as you gather information – on an electoral roll or mailing list for instance – then you need to comply.  The GDPR does not prevent you from holding data provided you treat it responsibly.

You will need to comply if you hold information that can identify a person by reference to any of these things
  • Name
  • An identification number
  • Address
  • Email address
  • Sensitive personal data (health, sexual orientation)
 
Your first simple steps
You must take this seriously but you don’t need to panic. We will be issuing plenty of guidance and forwarding information from the national church and Information Commissioners Office (ICO). But for now take these simple steps.

Step One: First you need to appoint a “Data Compliance Officer”. That may be your PCC Secretary or employee. They need to be your expert (and a key person for us to send information to. When you have chosen this person ask them to email communications@liverpool.anglican.org so we can keep them up to date with information

Step Two: Talk about GDPR at your PCC so all your trustees share in the responsibility for making this happen

Step Three: Review the personal information you hold. You can use this form to help you.
You will then need to do some work around how you seek consent, keep and delete data, how you manage requests for information and other elements of this. We will be putting together further briefing about this over the next few weeks.

See here for more detailed guidance


Thanks to the Diocese of Portsmouth for documents and support in putting this information together.


News & Events

Advice from the Information Commissioners Office

You can get useful information and advice from the Information Commissioners Office here

https://ico.org.uk/for-organisations/data-protection-reform/

General Advice

Diocesan advice

See our page www.liverpool.anglican.org/Data-Protection


Government advice

For general advice about data protection and the 1998 Act.
www.ico.org.uk