The General Data Protection Regulation (GDPR) came into UK law under the Data Protection Act 2018. This provides individuals with more rights and protection regarding how their personal data is used by organisations. It also requires organisations to be more conscious of, and intentional about, data protection.
From 1 January 2021, the ‘UK GDPR’ has replaced the GDPR as the UK’s data protection law. The UK GDPR (which is currently substantially similar to the EU’s GDPR) is brought into force by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.
From a practical perspective very little has changed, although UK organisations that process the personal information of EU residents may need to appoint an EU representative, identify a lead Supervisory Authority in the EU, and update policies, procedures and documentation.
We have developed a toolkit to help parishes and churches manage personal data protection, drawing on feedback from across the Diocese. This is provided along with other useful resources below:
We advise our parishes to take the following policies into account as they implement their own personal data protection policy:
- Keep or Bin – The Care of Your Parish Records by the Church of England Record Centre provides guidance on the retention period for personal data in the context of parish records.
- A Safe Church, Southwark Diocese’s safeguarding manual, provides guidance on data collection and retention relating to safeguarding. You can find the document on our Safeguarding page.
If you have data protection queries, concerns or comments we would love to hear from you; please e-mail us.