This page is part of our guidance to help parishes get ready for and comply with the “General Data Protection Regulation”. It’s helpful to start by carrying out a data audit – you may be surprised at just how much personal data is stored and processed around the parish.
We’ve produced a template to help you do this:
Carrying out a Data Audit
Here are some questions to help you carry out your audit:
- What kind of data is being collected and stored, where and why?
- Which different church groups might store their own data? Make sure you cover them.
- How is the data used (i.e. processed) both internally and externally?
- How long is the data retained?
- Who has access to the data both inside and outside of the business?
- What procedures and controls are in place to keep data safe?
Finally, three tips:
- Start sooner rather than later. Although the GDPR doesn’t take effect until May 2018, it’s good to get on top of this early.
- Inform people what is going on, and why – this will help them to understand why you are asking questions. You might find the two-page PCC guide a helpful background note.
- Although the parish might appoint someone to lead on this, for larger and more complex parishes a small team might be helpful.