Your Responsibilities

The church is meant to be a safe place for people to go when they need support and help. Every week there are churches all around the country that open their doors for people to worship, enjoy fellowship, and get support from ministers and counsellors.  The church has the most important message that anyone can ever hear so we need to make sure that churches are fulfilling their responsibilities in relation to handling data so that nothing hinders the most important work.

Under GDPR, your church will usually take on the role of Data Controller*. This means that you will be responsible for ensuring that any personal data you collect or store is handled securely, sensitively, and in a manner which reflects the lawful basis for storing the personal data.

Think about the kind of information your church holds on church members. You will likely have their names, addresses, phone numbers and email addresses. You may hold financial information such as their giving record or Gift Aid details. It is also likely that you will have some sensitive personal information about them, relating to their personal lives or spiritual journeys. All of this counts as personal data, and it is up to you to make sure that you a valid lawful basis to store and process this information, as well as ensuring that your policies for handling it are appropriate.

For example, if you print out a list of addresses or other personal information, do you have a documented policy on how those hard copies should be handled and how it should be destroyed?

Do your church members know who they should approach if they have any concerns about their data?

Have you made sure that everyone has consented (where necessary) to you approaching them for fundraising?

*Please note that in the Church of England, the PCC and Incumbent will operate as two separate Data Controllers

Terms and Conditions | Our Privacy Policy | Disclaimer