Changes to the data protection law will affect parishes
Data Protection in the UK is changing in May 2018 and the new law gives individuals (you and me) more rights over how information about them is stored and used by organisations (a PCC or a Diocese for example). In particular, organisations have to tell individuals what they are doing with the information they are storing and using.
This new law is known as the GDPR (the General Data Protection Regulations) and parishes must comply with its requirements.
People will need to give their consent, explicitly, for you to use their data for communications and marketing– they should ‘opt in’. Existing mailing lists and other information you hold about people will have to be reviewed to ensure you have the right consent in place. Just because you have consent to send someone a newsletter does not mean you have consent to send them other kinds of information.
All people will now have a number of additional ‘rights’, including that of knowing how data is used, of knowing what data is held about them, of correcting any errors and generally the right ‘to be forgotten’. Organisations will need to make provision for people to exercise these rights, including developing a Privacy Notice.
If you are part of a PCC or parish team and are unsure if this law will apply to what you do, it is almost certain that it will. Unfortunately, doing nothing is not an option and lack of knowledge or capacity is not an excuse if you accidentally breach the new law.
The Diocese of Truro Church House team know this may seem daunting and that the teams in our churches are already very busy so we will be offering training in four locations across Cornwall on Monday, March 19 (click here for more information). We are also happy to help where we can if you get stuck.
We highly recommend visiting the Parish Resources website, which has a set of templates and easy to use guidance specifically designed to help parishes do what needs to be done to comply with the new law.