Data protection

Data Protection

During May 2018 the new General Data Protection Regulation (GDPR) will take effect in the UK. This regulation replaces the existing laws on data protection (Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations. Church of England parishes must comply with its requirements, just like any other charity or organisation.

There are a number of underlying principles in the regulation that determine how personal information can be used and stored which has required us as a parish to do some work to ensure that we comply with the law. These principles are:

  1. Personal Information (Data) will be processed lawfully, fairly and transparently.
  2. Data is only used for a specific processing purpose that an individual (data subject) has been made aware of and no other, without further consent.
  3. Data collected on an individual should be “adequate, relevant and limited.”
  4. Data must be “accurate and where necessary kept up to date”
  5. Data should not be stored for longer than is necessary, and that storage is safe and secure.

What does this mean for us?

St. Thomas’ has always sought to comply with Data Protection Laws so any changes we are required to make are minimal. The following policies have been put in place to ensure we manage any data we hold properly:

We have produced and published a Data Privacy Statement outlining why we collect data and how we use it. To see a copy of this, use this link; Data Privacy Statement

Everyone now has the right to request to see a copy of the data any organisation holds on them. If you wish to see copies of the data we hold relating to you, you should make a request in writing to the Churchwardens, who will respond to your request within 48 hours and seek to provide you with the relevant information within 7 working days.

In the event that we have a data breach, where data is shared without permission or lost, the churchwardens will instigate an investigation, report it to the data commissioner and inform those who have been affected. We hope of course that this will never be an issue.

If you have any questions relating to this information please contact the church office who will provide you with further information