GDPR is a new legislation that comes into force on the 25th of May 2018. It will affect all organisations that store personal information about individuals and this includes churches.
The General Data Protection Regulation (GDPR) will give people more rights into how their personal information can be gathered, stored and used. Every church will need to comply to the regulations being set out by this new legislation by the 25th of May, not doing so can incur strict penalties.
Many churches already comply with what is being brought in by GDPR, however, time should be invested into making sure that your church is fully compliant, so as to avoid any possible penalties.
If the GDPR legislation is new to you, here is an outline of the basic information that you need to know:
-
GDPR brings in new and updated rights for individuals regarding their personal data, and the church must have a legitimate, legal reason for holding a persons information. There are 6 possible legal bases that a church can use for holding data, make sure that you are aware of these. Click here for more information on the legal rights for holding a persons data
-
Anyone who has their data stored by your church can request to see a copy. This would include everything that is stored about that person, whether it be on spreadsheets, databases, documents, USB sticks or printed paper. A copy must be given within 30 days of the request being made (There is an exception to this if the communication includes another data subject). Should a person make this request electronically, such as by email, then information must also be supplied electronically. For churches using paper based systems, you will need to transfer all of this information to an electronic form. Find out more about the Right to Access by clicking on this link.
-
An individual may request for all their information to be erased, should a request be made, the church must comply by removing all their data, if the data has been shared with a third party, they too must be informed. There are exceptions to this right, such as for child protection purposes, for Gift Aid claims, or should the church have another legal basis for holding the data. You will also need to make any consequences of erasure clear to the individual, e.g. that you will not be able to schedule them on a church rota if you cannot hold the necessary data. Click here to find more information on the Right to Erasure.
-
Transparency is key to GDPR, the church must provide accessible information to individuals about how their personal data will be used. A comprehensive Privacy Notice therefore, must exist, outlining in detail all your plans for an individual’s data. If your church does not have a Privacy Notice then you can purchase a Draft Privacy Notice from our website, or click here for more information as to what should be included in your Privacy Notice.
-
Whilst your church doesn't necessarily need a Data Protection Officer in place, you will need to appoint someone to be responsible for data protection within your church. This person should be named within your church’s Privacy Notice so that everyone knows who they should contact, should they have any data-related concerns. You can click here to read further information on Data Protection Officers.
A lot of GDPR is common sense, treating an individual's data the way that you would want your own data to be treated, however it is important that churches understand what is required of them under GDPR so as to ensure full compliance. You can work through this GDPR Checklist to help meet compliance, however, we recommend that you seek legal counsel to ensure that your church is completely compliant with GDPR.
iKnow Church have been preparing for GDPR for a while now, and we have created a dedicated website to help churches become ‘GDPR Ready’, which you can visit here: www.gdprforchurches.org.uk. You can also find further information from the ICO website.
________________________________________________________________________________________________
GDPR Tools to help your Church
We have recently released a tool within iKnow Church to help your church with GDPR - for more information check out our GDPR Tool Page here
For further queries relating to either GDPR or to iKnow Church, feel free to contact our team on 0121 651 1125, email us on hello@iknowchurch.co.uk
iKnow Church - Church Admin Made Simple!