Is your parish prepared for the change in the law surrounding data protection which comes into play in May 2018?

If not, you'll be relieved to know that there is now a comprehensive Rochester Diocese Parish Toolkit, along with a whole host of other resources including sample privacy statements and checklists to ensure you are ready for the changes. 

Appendix 1 Summary of the GDPR differences from the 1998 Act

Appendix 2 GDPR Action Plan Checklist

Appendix 3 Audit Questionnaire

Appendix 4 Consent Form

Appendix 5 Privacy Notices

Appendix 6  DPIA Assessment Checklist

Parishes can use the information to inform a discussion ahead of the compliance date and identify any areas where changes are required. 

Further information about GDPR and Electoral Roll can be found here

What is the GDPR?

The General Data Protection Regulations (GDPR) will replace the current Data Protection Act (DPA) 1998

While the GDPR contains all the same principles as the DPA, there are some additional requirements, in particular regarding the need to obtain proper consent to retain personal information about a living individual. No longer is it acceptable to assume consent or ask individuals to opt out of having their details recorded by an organisation.

The GDPR will impact across all church organisations and groups that hold and process personal data in whatever form; both electronic records and on paper.

The regulations increase the rights of an individual in respect of how their data is kept and includes “the right to be forgotten”.

What is meant by personal data?

Personal data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition is more than what historically was understood as personal data and includes identification numbers, location data and on-line identifiers; this reflects the development of technology and the new methods of recording data. The DPA already applies to images including those recorded on CCTV systems.

There are also particular sections that deal with personal data of children.

What do you need to do?

The actions that parishes and other organisations need to take are:

  • Identify what personal information is held.
  • Appoint a person to be responsible for GDPR.
  • Develop an implementation plan.
  • Communicate to staff, volunteers, and those attending activities about GDPR.

Need help?

Initial guidance has already been circulated to parishes to encourage them to start considering the implications of the regulations. Further advice will continue to be published.

GDPR e-learning courses is now available for anyone within the Church of England structure (dioceses, cathedrals, parishes and other CofE organisations).The courses, delivered by specialist training provider Me Learning, cost £10 + VAT per course. For more information click here

Other sources of information include:

Please contact them via this dedicated GDPR email:

Our privacy notice

To view the diocese's own privacy notice, please click here

Please see a copy of the presentation that was given at the training sessions for parishes here

Copyright 2015 © The Diocese of Rochester. Registered Office: St Nicholas’ Church, Boley Hill, Rochester, Kent, ME1 1SL. Registered Charity No. 249339 The Rochester Diocesan Society and Board of Finance is a company limited by guarantee. Registered in England No. 140656