Find a Church Contact us Calendar Vacancies Safeguarding

Home > Parish Support > Legal compliance > GDPR

GDPR

The General Data Protection Regulation (GDPR) took effect in the UK on the 25 May 2018. It replaced the Data Protection Act 1998 and gave individuals more rights and protection in how their personal data is used by organisations. Parishes must comply with its requirements, just like any other charity or organisation.

Each parish within the diocese acts as their own legal entity and each PCC needs to adhere to the rulings. The Church of England have created parish resources for us to use as a diocese.

These can be found here.

There is a handy two page overview to act as a guide for PCC’s.

And a more in depth document for PCCs.

Useful FAQ’s can be found here.

Gloucester Diocese have also produced a very in depth GDPR FAQ page which may be of help.

Subject Access Requests

Under the General Data Protection Regulation 2016 (‘GDPR’) a person will have the right to ask an organisation to confirm whether or not it is processing any of their personal data.

If you receive a Subject Access Request and have any concerns please contact stephen.davenport@coventry.anglican.org.

Please click here for a copy of:

Subject Access Request Guidance 

Letter - Subject Access Response – Provision of Information Requested 

Letter - Subject Access Response - Refusal to Provide Personal Information/ Request for Further Information

Data Breach

A personal data breach is a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.  A temporary loss of personal data still constitutes a personal data breach.

Please click here for a copy of:

Data Breach Protocol 

Data Breach Protocol – Further Guidance for Data Protection Officer 

Personal Data Breach Log 

How to Encrypt a Memory Stick

If memory sticks are used to store personal data then they should be encrypted, please click here for a guide on how to do this.

How to password protect an Excel File

If Excel spreadsheets are used to store and process personal data then these should be password protected, please click here for a guide on how to do this.

e-learning

A comprehensive suite of GDPR e-learning courses is now available for anyone within the Church of England structure (dioceses, cathedrals, parishes and other CofE organisations). The courses, delivered by specialist training provider Me Learning, cost £10 + VAT per course. Information on who should complete this training and how Parishes can access this training are here:

GDPR e-learning instructions for parishes

 

Powered by Church Edit