General Data Protection Regulation (GDPR)

Christ the King, Coventry


The General Data Protection Regulation (GDPR) is a new EU law that will come into effect on 25 May 2018 to replace the current Data Protection Act (1998).

Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Act. Data Collected should be  adequate and relevant to its intended purpose, and limited.

In Scope

  1. Parishioners / Gift Aid
  2. Parish groups / Parish rotas
  3. Parish communication  lists eg newsletter, finance
  4. Employees / Volunteers
  5. Priests / Deacons / Religious Orders
  6. CCTV (tba) & Live streaming (link)


  1. Update Christ the King privacy statement to use the Archdiocese Privacy Notice link following a deanery meeting at Christ the King on 22nd may 2018.
    1. Review relevant procedures/policies including data privacy policy. Add any required information.
  2. Determine what personal data is being held, the purpose for which it is held and who it is shared with.
  3. Where / how is this being stored/maintained and who has access to it.
  4. Review all processing that uses this data.
  5. How has consent being obtained for holding this data, how can it be withdrawn.
  6. Review procedure for dealing with requests from individuals in a timely manner.
  7. Review retention periods, how are these justified, how data is deleted, how data is protected.
  8. Take on board Guidance from Archdiocese – when available.

A questionnaire will  be generated to answer the above and to scope the required work.

Useful links

  1. ICO Guide to GDPR
  2. ICO  guidance for not-for-profit organisations including charities and voluntary organisations .
  3. ICO  guidance CCTV
  4. Which

Last updated 27th April