Data Protection and GDPR
There is now Guidance for Parishes on the new GDPR regulations, which come into force on 25th May 2018. You may find the following links to the Information Commissioner’s website useful:
You may also find the pages of questions and answers from recent Diocese of London workshops helpful too.
The Data Protection Act 1998 (which remains in force until 25th May 2018) sets out eight principles for anyone who processes personal information and includes information both held on a computer and paper-based files.
- its use is fair and lawful
- it is to be used only for specific purposes
- it is adequate, relevant and not excessive
- it is accurate and up to date
- it is not kept for longer that is necessary
- it is processed in line with an individuals rights
- it is secure
- it is not transfered to other countries without adequate protection
Information about the Data Protection Act is provided by the Information Commissioner at http://www.ico.gov.uk/
The Guide to the Data Protection Act 1998 explains the legislation, gives practical examples to illustrate how the principles apply in practice, and uses frequently asked questions about data protection to provide a useful source of practical advice to those who have day-to-day responsibility for data protection.
The Archbishops’ Council has produced a Guide to the Data Protection Act: The Data Protection Act 1998 : A Guide for Parishes Issues by the Archbishops’ Council 2001.