Related to this section ...

New Data Protection Regulations

Guide for churches to GDPR – ACTION NEEDED Please read on...

Just like any other charity or organisation, all parishes must comply with the General Data Protection Regulations (GDPR) which comes into force on 25th May 2018. GDPR replaces the existing Data Protection Act and gives individuals more rights and protections in how their personal data is used by organisations. It takes into account the massive changes in technology since the Data Protection Act was introduced in 1998.

There are a number of actions that the PCC should take before the new regulations take effect. The national Church of England Parish Resources website ( has the following useful links that you should read:

A brief guide to GDPR
A more detailed guide for the person implementing this in the parish
A simple checklist which covers the actions outlined in the guides to help PCCs monitor progress
A template data audit document which will help you to identify the personal data that your parish stores and processes
Sample consent forms as parishes will need to make sure they have consent to communicate with those on the mailing lists
Parishes will also need to produce a privacy notice, and a sample privacy notice is given which can be amended and adopted. If you have a website, it is good practice to make it available online. Guidance on how you can write your own privacy notice is also available.
Finally – do check that your procedures are up-to-date, such as what to do if people request to see the data stored about them, and review your breach management procedures to ensure you know what to do in the event of a breach

As things progress we will keep you up-to-date with developments – keep an eye on our website.


  • Diocesan Director of Education announces retirement Posted Tuesday 10 September ...