The General Data Protection Regulation ('GDPR') and the Data Protection Act 2018 (which enshrines GDPR into UK law), are now in force. Managing Trustees need to be aware of the changes brought about by the new data protection legislation and how it will affect local church life.
TMCP in conjunction with the Connexional Team have produced a toolkit of guidance, policies, templates and training to help Managing Trustees to continue (or begin) to work on compliance and keep personal information safe.
Local churches, Circuits and Districts find themselves holding a variety of personal data including details of members and employees. The information accessible from this Data Protection page explains the obligations imposed on Managing Trustees in relation to this data under Data Protection legislation. The guidance helps Managing Trustees to identify what personal data is, how to hold it securely and for what purposes that personal data can be used. This includes Circuit and District directories and the use of and recording of CCTV.
in order to assist Managing Trustees, TMCP have produced a Data Protection Toolkit which contains all the information that you need to maintain healthy GDPR churches (about half way down the link page)
in the toolkit you will find:
Data Protection Policy*
Data Security Policy*
Breach Policy (Interim)*
* Where a document is marked with a star, it is available on the password protected part of TMCP's website. This is because these policies are internal policies rather than the external facing Privacy Notice. Managing Trustees who do not already have the password, please contact TMCP.
Guidelines and Schedules
Lawful Bases Guidance — "Guidelines on Lawful Bases for Processing Personal Data"
Template Notices, Registers and Forms
Data Mapping Form for Managing Trustees
Breach Record for Managing Trustees
Template Consent Form
Consent Record for Managing Trustees
Data Subject Access Request Form (SAR Form)
Videos and Slides:
GDPR Training Webinar 1
Introduction to GDPR — slides —
RMF Presentation Slides —
Training Day Slides —
Resources and Toolkit Slides
Data Security Slides
9 Steps for Methodist Managing Trustees to Take Now to Comply with GDPR
General Data Protection Guidance Note —
Do's and Don'ts —
Who are the Data Controllers and where to get help? —
New Privacy Notice for Managing Trustees
It's not all about Consent — New Lawful Bases Guidance
Data Responsibilities in a Nutshell
Data Protection Toolkit
New Data Protection Guidance — News Hub
GDPR Myths — News Hub
GDPR Changes at a Glance
Data Protection Booklet
Data Protection Responsibilities in a Nutshell
https://ico.org.uk/ — The Information Commissioner's website.