GDPR & record keeping

The General Data Protection Regulation came into force in May 2018. It strengthened previous data protection regulations. It is applicable to PCCs, incumbents and deaneries, and requires them to take some action.

FAQs
 

Can I keep parish emails on my phone?
Can we publish a directory of names, addresses, phone numbers etc. for use by church members?
Can we publish details of baptisms, weddings and funerals in our Parish magazine?
Can we send anniversary cards and invitations to our baptismal families?
Do we need to get consent from our Mailchimp subscribers?
Does our PCC need to register with the Information Commissioner's Office (ICO)?
Personal information and correspondence are held on my personal computer…
Should the  template Electoral Roll form be updated to include positive consent for data processing, storage and disposal?
We have a phone list pinned up on the wall of the church office.
We have a transcript of the registers on the shelf in the office. What should we do?
What about names in PCC minutes? Should we destroy old minutes?
What about the data stored by the retired priest who helps out in our parish sometimes?
What are the implications for clergy?
What wording should welcome cards include to be GDPR compliant?
With the advent of GDPR is there any diocesan guidance about the retention and disposal of Parish records?

Resources

External sites

Please note, the guides, slides and handouts here were produced when the Data Protection Act 2018 came into force and while the UK was a member of the EU but they are still relevant.

Page last updated: Thursday 27th February 2025 4:37 PM
Powered by Church Edit