The General Data Protection Regulation (GDPR) replaced the Data Protection Act in May 2018. We share these guidance notes to show how we, as a Church, look after any personal data concerning our members and friends.
General Data Protection Regulation (GDPR)
These regulations extend to organisations the courtesy we apply between friends (asking before we pass on their contact or personal details). As a Church we take this responsibility seriously.
Data Protection Officer.
The Church Data Controller (DC) is Sheila Pugh. Contact her on [email protected] if you need to know more, talk to her at Church or phone 0151 327 3722 as a last resort!
All information held must be secure. No information should be shared beyond the Church.
All organisations within the Church should document the kinds of personal data (such as names, postal and email addresses and phone numbers) they hold. They must indicate its origins, and anyone with whom it is shared. It is good practice ONLY to hold the minimum information required. (Any information beyond these simple lists should be notified to the Data Protection Officer.)
Sensitive information should be stored securely (e.g. in a locked cabinet) and monitored whenever it is being used. Data held electronically should be password protected/encrypted.
All individuals have the right to be informed as to what data is held about them and that they may request its removal. This, like the correction/deletion of any inaccuracies, must be done within 28 days.
Any data on children must show that parental/guardian consent has been given.
There should be a statement that data will be deleted 2 years after it is last used.
The Church must have procedures to detect, report and investigate any situation where Data has been mislaid or got into the wrong hands.
For example: it should be standard practice to use the BCC (blind copy) option when addressing emails to more than a single recipient, so that email addresses are not visible to anyone but the recipient and cannot be abused.
Any breaches must be reported to the Data Protection Officer for investigation.