GDPR guidance for churches and synods
Guidance to help churches comply with the General Data Protection Regulation (GDPR) that came into force on 25 May 2018. It cannot cover comprehensively everything that any church might ever do with data but churches following this advice should be well on their way to compliance.
Contact the Information Commissioner’s Office for more information and advice.
Hints and tips for good data protection practice
- Respect everyone’s privacy.
- Ensure that paper records are kept in a locked cupboard.
- Do not disclose any personal information about an individual without first obtaining that person’s consent – that includes, address, telephone number, email address, age, birthday, names of family members.
- When emailing groups of people always put their email addresses in the ‘bcc’ row rather than the ‘To’ row. This prevents an individual’s email address being visible to all the recipients
- If you are sharing birthday information (age or date) about an individual with others always ask for the individual’s permission first. Ideally this should be in writing.
- When mentioning pastoral concerns or praying for identifiable individuals take reasonable steps to ensure that the individual (and anyone else who may be directly or indirectly
involved) is willing for this to happen. - When minuting pastoral concerns, refrain from mentioning names and the nature of the concern.
- Prayer lists should be confidentially destroyed immediately after they have been used.
- Personal data held on laptops, data sticks and other portable electronic devices should be
encrypted. - If using cloud storage ensure that the servers are located within the European Economic Area (EEA) and take reasonable steps to ensure security.
- Order your records – minimise what you keep.
- Check that existing and former officers/elders/committee members are not retaining their own copies of personal data in paper form or electronically. Seek their confirmation that all such data has been returned or destroyed.
Useful resources and templates
Please download and use our checklist and templates:
- Checklist for establishing good data protection practice in your church (Word | 31kb)
- Data privacy statement template for churches (Word | 46kb)
- Data privacy statement consent template for churches (Word | 27kb)
- Church committee membership undertaking template (Word | 37kb)
- Church committee membership leaver declaration template (Word | 34kb)