
Data Protection and GDPR

The General Data Protection Regulation (GDPR) came into effect in the UK on 25 May 2018.

It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations.

You will need to appoint a 'Data Compliance Officer' in your PCC. This person will act as coordinator to ensure that everyone in the PCC is aware of GDPR and that everyone takes responsibility for ensuring personal data is held securely and managed in compliance with the regulation. They will need to conduct a review of all the data you currently hold, where it is held and what it is used for. Parishes must comply with the requirements of GDPR, just like any other charity or organisation.

To help you do this there are a number of resources on the Parish Resources website. These are available to view and download below:

The Information Commissioner's Office (ICO) has set up a phone helpline aimed at people running small businesses or charities. Should you have further queries, please call 0303 123 1113 and select option 4 to be diverted to staff who can offer support.

The Data Protection Act 1998 (which remains in force until 25th May 2018) sets out eight principles for anyone who processes personal information, and covers information held both on a computer and in paper-based files.

  1. its use is fair and lawful
  2. it is to be used only for specific purposes
  3. it is adequate, relevant and not excessive
  4. it is accurate and up to date
  5. it is not kept for longer than is necessary
  6. it is processed in line with an individual's rights
  7. it is secure
  8. it is not transferred to other countries without adequate protection.