General Data Protection Regulation (GDPR)
Christ the King, Coventry
The General Data Protection Regulation (GDPR) is a new EU law that will come into effect on 25 May 2018 to replace the current Data Protection Act (1998).
Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Act. Data Collected should be adequate and relevant to its intended purpose, and limited.
- Parishioners / Gift Aid
- Parish groups / Parish rotas
- Parish communication lists eg newsletter, finance
- Employees / Volunteers
- Priests / Deacons / Religious Orders
- CCTV (tba) & Live streaming (link)
- Update Christ the King privacy statement, latest version available at link
- Determine what personal data is being held, the purpose for which it is held and who it is shared with.
- Where / how is this being stored/maintained and who has access to it.
- Review all processing that uses this data.
- How has consent being obtained for holding this data, how can it be withdrawn.
- Review procedure for dealing with requests from individuals in a timely manner.
- Review retention periods, how are these justified, how data is deleted, how data is protected.
- Take on board Guidance from Archdiocese – when available.
A questionnaire will be generated to answer the above and to scope the required work.
- ICO Guide to GDPR http://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
- ICO guidance for not-for-profit organisations including charities and voluntary organisations https://ico.org.uk/for-organisations/guide-to-data-protection/cctv/ .
- ICO guidance CCTV https://ico.org.uk/for-organisations/guide-to-data-protection/cctv/
Last updated 14th April