The General Data Protection Regulation (GDPR) took effect in the UK on 25 May 2018. It
replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals
more rights and protections with regard to how their personal data is used by organisations.
Congregations must comply with its requirements, as there are no relevant exemptions for
charities or small organisations.
Underlying Principles
The GDPR sets out a list of data protection principles. These state that personal data must be:
1. processed lawfully, fairly and transparently
2. only used for a specific processing purpose that the data subject has been made aware of
3. adequate, relevant and not excessive
4. accurate and where necessary kept up to date
5. not stored for longer than is necessary (i.e. storage limitation)
6. stored in a safe and secure manner
How we apply this:
We make sure that any data (name, address, other contact details) we hold about members or other people involved in the life of our congregation is stored securely and only accessed by those who need it for pastoral, communication or administrative reasons. If you want to know what information we may hold about you, please contact our Session Clerk. If you are a church member but no longer wish to be, or you have moved away, please let us know so that we can keep our records accurate.