Data protection
Parishes must comply with its requirements, just like any other charity or organisation. On this page we cover: What is GDPR
What is the GDPR?The General Data Protection Regulations (GDPR) replace the Data Protection Act (DPA 1998) in 2018. While the GDPR contains all the same principles as the DPA, there are some additional requirements, in particular regarding the need to obtain proper consent to retain personal information about a living individual. It is no longer acceptable to assume consent or ask individuals to opt out of having their details recorded by an organisation. The regulations increase the rights of an individual in respect of how their data is kept and includes “the right to be forgotten”. What is meant by personal dataPersonal data is any information relating to an identifiable person who can be directly or indirectly identified in particular, by reference to an identifier. This definition is more than what historically was understood as personal data and includes identification numbers, location data and on-line identifiers; this reflects the development of technology and the new methods of recording data. The DPA already applies to images including those recorded on CCTV systems. There are also particular sections that deal with personal data of children. Steps to takeThe actions that parishes and other organisations need to take are:
|