As a public body and a charity, your PCC has a responsibility to keep your members' personal information private and confidential. We expect all parishes to abide by the principles of Data Protection
Managing people's records responsibily
Parishes and worshipping communities keep data and information about people. Typically you will have information about:
You may also have information about a wider group of people you wish to contact for fundraising purposes.
It is right for you to have that information but you have a responsibility to manage it sensibly. So, whether you store it on a computer or in a filing cabinet, you must comply with the law - the General Data Protection Regulation (GDPR).
Details of parishioners - particularly those on the electoral roll
Information about those who give money to your church community
Information about people asking for baptisms, weddings or funerals
The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a stronger version of the Data Protection Act with which we are already legally obliged to comply.
It takes into account the massive changes in technology since the Data Protection Act was introduced in 1988. GDPR came into force on 25th May 2018 to enhance and strengthen an individual’s rights.
All parishes and clergy must comply with GDPR. As soon as you gather information – on an electoral roll or mailing list for instance – then you need to comply. The GDPR does not prevent you from holding data provided you treat it responsibly.
You will need to comply if you hold information that can identify a person by reference to any of these things
An identification number
Sensitive personal data (health, sexual orientation)
Advice on complying with GDPR
Church of England guidance
We recommend that you visit the Parish Resources website and follow the national church's advice on complying with GDPR.
The Information Commissioner's Office (ICO)
The Information Commissioner is the person appointed by the government to regulate GDPR. You can find their guides for organisations on their website.
Our Data Protection Adviser
For any advice or support from our diocese email Brenda Edwards email@example.com