You might have noticed a new acronym popping up all over the place of late – GDPR – or the General Data Protection Regulation. It’s EU legislation that comes into force in May this year.

You might also have seen that it means you’ve all got lots of work to do by May in order to avoid the massive fines that will otherwise come your way.

Which isn’t quite the real picture…

GDPR builds on existing Data Protection legislation and on the good practices we are all already applying in the Church of England- we take care of people’s data and aim to be good stewards of it, although there are some changes that we all need to make on how we do things.

We are doing this together; the National Church (NCIs) and wider church organisations are putting in a lot of collaborative effort between and among dioceses, cathedrals and the NCIs. There is already guidance specifically for parishes available which we’ll keep updated. We are sharing good practice; developing policies, data sharing protocols and agreements; data protection impact assessment guidance etc., that the whole church can use – they’ll be ready soon.

The regulatory agency (ICO) overseeing all of this has said that they expect organisations to be working towards being ready by May and to have a reasonable time frame for being fully compliant beyond May.

Above all – don’t be taken in by the hype and the myths – if you are already being good stewards of personal data you aren’t about to get fined; you are well on the way to compliance and there is already a lot of help and advice available to assist you in completing your GDPR journey.


Declan Kelly, Director of Libraries and Archives

Source URL: