Data Protection and GDPR
The General Data Protection Regulation (GDPR) will take effect in the UK from 25 May 2018.
It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations.
You will need to appoint a 'Data Compliance Officer' in your PCC. This person will act as coordinator to ensure that everyone in the PCC is aware of GDPR and that everyone takes responsibility for ensuring personal data is held securely and managed in compliance with the regulation. They will need to conduct a review of all the data you currently hold, where it is held and what it is used for. Parishes must comply with the regulation's requirements, just like any other charity or organisation.
To help you do this, there are a number of resources on the Parish Resources website. These include a checklist, a detailed guide, a template to conduct a data audit and sample privacy notices.
The Data Protection Act 1998 (which remains in force until 25 May 2018) sets out eight principles for anyone who processes personal information. It covers information held both on a computer and in paper-based files. Under these principles, for any personal information:
- its use is fair and lawful
- it is to be used only for specific purposes
- it is adequate, relevant and not excessive
- it is accurate and up to date
- it is not kept for longer than is necessary
- it is processed in line with an individual's rights
- it is secure
- it is not transferred to other countries without adequate protection.