GDPR Advice for Churches

Anyone who has their data stored on your church database can request to see a copy of this data. This includes everything that is stored about that person on your database. This isn’t something that is new to GDPR but has been around as part of the current UK Data Protection Act and is often terms Right of Access. 

What has changed as part of GDPR is that the data should be provided to the person at no charge. Previously organisations could charge an admin fee of £10 but from 25th May 2018 it must be at no cost. The exception to this is if a data subject is making access requests very frequently (i.e. every week) and then it could be justifiable for the church to charge a small fee.

The data should be provided in electronic format and it must be clear as to whom the person should contact to ask for this information. The information must be supplied within 30 days of receiving the request. When providing this information it should be made clear to the person what your church’s policies are on the retention, correction and deletion of that data. 

Your church will likely store address details and contact information about each member. However there may be additional information held such as pastoral notes and giving information.  There has to be a valid reason as to why this information is being held and this should be linked to your privacy policy.


Privacy Policy | Website terms and conditions