Every organisation (including churches) which stores personal data in either a computer or paper-based filing system is subject to data protection legislation. ‘Personal data’ means information relating to a living individual who can be identified from that data – so it includes addresses & contact details as well as other information.
New data protection legislation comes into force in the UK on 25 May 2018.
The ‘GDPR’ (General Data Protection Regulation) will supercede previous legislation and requires all organisations to tighten up on how they obtain, store and use personal data.
Action will be needed by every church to make sure you are ready by 25 May. It is not sufficient to have an action plan in place by 25 May – all necessary changes to your record-keeping systems must be in place and completed by 25 May.
The key areas you will need to think about are:
· How you collect personal information from individuals – how you communicate with them how that information will be stored and used
· How you obtain individuals’ consent for collecting, storing and using their information
· Security – how secure is your data, what security measures are in place
· Reviewing and updating your church data protection policy
The Baptist Union has produced a helpful Guidelines leaflet on this issue which contains full details of what you need to do and how to go about it. Download it free here:
It is very important that every church reads this leaflet in order to understand the legal requirements you must meet.