Summary of our approach to Information Management in the Parish of Three Saints
The Parish of Three Saints set up a review of Information Management (IM) in September 2017. In early 2018 this review incorporated the requirements of the General Data Protection Regulations (GDPR). The new act of Parliament incorporates previous principles of the Data Protection Act 1998 and provides extra protection to the individual data subject.
Our initial steps were:
- PCC members were made aware of their responsibilities as the data controller
- The role of Information Management Champion was created
- The Information Management Champion and the Parish Administrator both undertook specific training in implementing the new regulations
- A data analysis was undertaken to identify the areas in which personal data is held by the parish
- As a result of this analysis, various actions were taken, as detailed below
Following our Data Analysis we arrived at the following classification of our personal data:
- Membership management, e.g. Electoral Roll, Friends and Church
- Using email and telephone numbers for communication
- Managing PCC activities (PCC members' personal data used)
- Managing data relating to volunteer activities, which include rotas and pastoral care activity
- Managing stewardship and donations
- Managing baptisms, marriages and funerals
- Managing records of visual images
- Analysing data about membership activities
- Data held under safeguarding procedures
Initial discussion in our IM Review had shown that Privacy Notices would need to be introduced at points in our Parish administrative systems where our Church Family sign documents, e.g. when joining the Electoral Roll. Following discussion with other Data Controllers of Parishes within the Diocese, we recognized that it would be possible to phase in the use of Privacy Notices because the current form that has been signed provides a legal justification for our current uses of data. In this instance a new Electoral Roll will be set up in April 2019 and we propose to introduce a new form with a Privacy Notice at that point.
In our privacy notices we shall ensure that all data subjects are aware that:
- We store all personal details on a password protected database
- We shall endeavor to keep this data up to date
- Every person on whom data is stored has the right to view and amend their personal data
- If they wish to have their data deleted we shall comply with a signed request
- We will not pass on their personal data to another party without permission
- We may analyse personal data for internal management purposes, but the data will always be anonymized when results are presented
To read our detailed report click here
To read our general Privacy Notice click here