General Data Protection Regulation (GDPR)

The law relating to data protection is changing. This will affect all organisations in the UK, including businesses and charities.
The General Data Protection Regulation (GDPR) will take effect in the UK from 25 May 2018.
It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations.
Parishes must comply with its requirements and are each responsible for ensuring they do so, just like any other charity or organisation.
These pages provide guidance, support and direction to help parishes ensure they meet the new requirements.
Helpful Links
Parishes Resources
- The Parishes Resources website provides guidance, templates and a checklist to help you meet your GDPR requirements.
- It is updated regularly - so please check back periodically. Most recently, a new FAQ has been added, the main parish guidance has been updated and there is a specific guidance note relating to giving reviews and fundraising communications.
- There are also example Consent forms that you can adapt for your parish.
- To access the Parish Resources materials, please follow this link.
Parish Buying
- The Church of England, through the Parish Buying team, have secured very significant discounts on a range of online GDPR training courses offered by the Me Learning platform.
- You can find more information about these courses and how to access them via this link - https://www.parishbuying.org.uk/categories/gdpr-e-learning?highlight=WyJnZHByIl0=
Church of England - National Church Institutions Presentations
The following presentation provide an overview as provided by the National Church Institutions Team and the Church of England
- GDPR - Key Messages - NCI Working Group - December 2017
- GDPR and Consent - NCI CofE Presentation
- GDPR and Employees - NCI CofE Presentation - March 2018
Church of England - Record Management Guides
- The records management guides have been researched and produced by records and archive management specialists at the Church of England Record Centre.
- They have used expert advice from The National Archives, local record offices and the wider archive profession.
- On the site you will find guidance on areas including; care of church records, care of Episcopal records and safeguarding records management.
Information Commissioner's Office (ICO)
- The Information Commissioner's Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, it is the body that will ensure businesses comply with the requirements of the GDPR.
- The ICO website contains a wealth of information to support organisations meet their requirements under GDPR and can be accessed by following this link here.
Ely Diocesan Board of Finance (EDBF) Data Privacy Note
- The Ely Diocesan Board of Finance is required to process personal data in accordance with the requirements set-out in the GDPR.
- The data privacy note outlining how we process personal data can be found here.
- The Parish Resources team also provide a sample data privacy note for parishes to adopt to their own needs. this can be downloaded here.
Frequently Asked Questions & Some Common Myths
- The Parish Resources team provides a regularly updated overview of some common myths around GDPR, as well as covering many of the frequently asked questions from parishes.
- The PDF can be downloaded here.
- If the link above doesn't work, the document is easily accessible from the Parish Resources website here.
- Some commonly asked questions about Data Protection can be found here.
Other Support Resources
- The Diocese of Oxford has also produced an excellent GDPR overview presentation for parishes that they have kindly allowed us to share, this can be downloaded here.
- Prettys Solicitors provided a training session for both Diocesan staff and members of the Diocese. This presentation can be viewed here.