Data protection

Data protection

The General Data Protection Regulation (GDPR) has now replaced the previous law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations.

Parishes must comply with its requirements, just like any other charity or organisation. On this page we cover:

What is GDPR
What is meant by personal data
Steps to take
Training and online help
Useful links and resources

 

What is the GDPR?

The General Data Protection Regulations (GDPR) replace the Data Protection Act (DPA 1998) in 2018.

While the GDPR contains all the same principles as the DPA, there are some additional requirements, in particular regarding the need to obtain proper consent to retain personal information about a living individual.

It is no longer acceptable to assume consent or ask individuals to opt out of having their details recorded by an organisation.

The regulations increase the rights of an individual in respect of how their data is kept and includes “the right to be forgotten”.

 

What is meant by personal data

Personal data is any information relating to an identifiable person who can be directly or indirectly identified in particular, by reference to an identifier.

This definition is more than what historically was understood as personal data and includes identification numbers, location data and on-line identifiers; this reflects the development of technology and the new methods of recording data. The DPA already applies to images including those recorded on CCTV systems.

There are also particular sections that deal with personal data of children.

 

Steps to take

The actions that parishes and other organisations need to take are:

  • Identify what personal information is held.
  • Appoint a person to be responsible for GDPR.
  • Develop an implementation plan.
  • Communicate to staff, volunteers, and those attending activities about GDPR.
     


Training and online help

We have compiled a number of sources of help to support parishes with their GDPR compliance:

 

If you have an enquiry relating to GDPR, or would like to make a subject access request, please email: gdpr@rochester.anglican.org