GDPR Data Audit
This page is part of our guidance to help parishes get ready for and comply with the “General Data Protection Regulation”. It’s helpful to start by carrying out a data audit – you may be surprised at just how much personal data is stored and processed around the parish.
We’ve produced a template to help you do this:
Carrying out a Data Audit
Here are some questions to help you carry out your audit:
- What kind of data is being collected and stored, where and why?
- Which different church groups might store their own data? Make sure you cover them.
- How is the data used (i.e. processed) both internally and externally?
- How long is the data retained?
- Who has access to the data both inside and outside of the business?
- What procedures and controls are in place to keep data safe?
Finally, three tips:
- Start sooner rather than later. Although the GDPR doesn’t take effect until May 2018, it’s good to get on top of this early.
- Inform people what is going on, and why – this will help them to understand why you are asking questions. You might find the two-page PCC guide a helpful background note.
- Although the parish might appoint someone to lead on this, for larger and more complex parishes a small team might be helpful.