In this modern world where information can be accessed and shared quickly, GDPR brings in some new stipulations regarding the handling of personal information. 

The church will be the Data Controller, as it has control of the data. There should also be at least one person in the church who is responsible for ensuring that the church handles data in the correct way, and it should be recorded who this person is. A Data Protection Officer (DPO) is an official title within an organisation, and many charities will have one. However, most churches are unlikely to have a DPO and will instead have someone who assumes the responsibilities without the title.

Treat the data of others as you would wish your own to be treated. You will likely store data electronically so it is important that this information is stored securely. If you have data held locally on USB, CD, or memory card then you must handle the media carefully.  

Taking precautions such as password protecting data before it is transferred to an external device is important. An address list of the whole church fills up a very small part of a USB stick, yet without common sense practices it can easily be left on the stick indefinitely, or copied onto a shared computer. If you have an electronic copy of people’s data then make sure it is securely deleted from any computers or media when it is no longer used.

You may often print out information to take to a meeting but if this contains personal data then make sure that it is securely stored or, ideally, destroyed.    

If you store data on shared services such as Google Drive or Dropbox then it should be clear who has access to this information.

Your church should have a written Information Security Policy which includes the purposes and methods of collecting and using the data. 
