GDPR Advice for Churches

In this modern world where information can be accessed and shared quickly, GDPR brings in some new regulations regarding the handling of personal information. 

The church will be the data controller as they have control of the data. There should be at least one person in the church who is responsible for ensuring that the church handles data in the correct way. It should be recorded as to who this person is.

A Data Protection Officer is an official title within an organisation and some churches will have this role. However for most churches it is unlikely that they will have a DPO but instead would have someone who assumes the responsibilities without the title. 

Treat the data of others as you would wish your own to be treated. You will store data electronically so it is important that this information is stored securely. If you have data held on USB, CD, or memory card then you must handle these media carefully.  Taking precautions such as password protecting the data before it is transferred to an external device is important. An address list containing contact details of the whole church fills up a very small part of a USB stick, yet without common-sense practices the USB can easily be left unattended or copied onto a shared computer. If you have an electronic copy of someone’s data then make sure it is securely deleted from any computer or media when it is no longer being used.

You may print out information to take to a meeting but if this contains personal data then make sure that it is securely stored or, ideally, destroyed after use.    

If you store data on shared services such as Google Drive or DropBox then it should be clear as to who has access to this information.  

Your church should have a written 'organisation security description' which includes the purpose of collecting and using the data. 

How iKnow Church can help

iKnow Church is cloud-based software designed especially for churches and is a secure place to store data. iKnow Church has advanced access controls so only the right people can access information about church members. 

By default, members who login to iKnow Church can only see their own information. Access to further information is controlled by the church.

iKnow Church also ensures that the data is held securely on our servers. All connections to iKnow Church are over a secure connection and we also use the services of a Crest Certified Penetration Company to test the security of iKnow Church. 

Privacy Policy | Website terms and conditions