The Parochial Church Council is the Data Controller and is solely responsible for compliance with the General Data Protection Regulations 2018. The Data Controller will process, share and destroy personal data (as defined in the Regulations) which is held by the Church, as indicated in this policy.


  1. Processing personal data


Personal data will be used for the purpose for which it has been obtained and will not be shared with anyone else, except as shown below.

 1.1  Specific requirements

Where it is necessary for a person’s name to be made public, such as the Electoral Roll, a rota or a register, this will not include an address, email address or phone number.

Personal data will not be used for advising individuals of an event by phone, mail or email.

By virtue of legitimate interest, the name of a Church official or other person connected with the Church may be published in the Parish magazine or on a notice board but contact details will only be published if the person concerned has given written consent via form CF1. Clergy and safeguarding officers may require immediate contact and contact details of their choice will be published.

Written permission to publish contact details of the organiser(s) of an event will be deemed to have been given by the submission of the item for publication.


1.2  Sharing personal data

The Regulations provide for personal data to be shared with law enforcement agencies.

Otherwise, the following data sharing will apply

  •  The treasurer and Gift Aid co-ordinator will share personal data as necessary with he appropriate banks and HMRC
  • The Vicar, Church Wardens and Safeguarding Officer will share appropriate personal data with the Diocese, Local Authority or Legal Profession where necessary to resolve a safeguarding issue.
  •  Where an incident or accident has occurred personal data will only be shared with a Government Department, Local Authority, Police or Legal Profession as necessary to assist with an investigation.
  •  By virtue of legitimate interest, where a person is in need of prayer because of illness or traumatic event, this may be announced at a Service but will not include any specific details of medical condition or the event.

  1. Security of personal data


It is recognised that data for rotas, financial dealings, consultation with the Vicar, etc. have to be held at home. This will be kept secure and not routinely carried between home and Church. It will not be necessary to encrypt USB devices that are not taken away from home.

Personal data of an important nature, such as a safeguarding issue or a legally required register, will be kept in a safe at the Church.

At discretion, such records may later be transferred to a locked container in the loft.

Gift Aid records will be kept in a sealed box in the loft for the required period of six years and then destroyed as outlined in 3 below.


  1. Removal and/or destruction of personal data


Personal data will be removed and destroyed when it is no longer required for legal proceedings, tax purposes, etc. Some records, however, may be part of a larger document and cannot, therefore, be removed until the whole document has expired. In many cases these documents cannot be destroyed.

Records will not be taken to the County Archives until after the death of the person concerned.

Destruction of data will be carried out by two people, one of whom will be the Vicar or a Church Warden.


4.     Request for access to or removal of data


The Regulations provide for any person to know what data is held about them by the Church or for the data to be removed or corrected. The data will only be divulged to that person on receipt of their written request.




Signed                                                            Rev. D. M. Rogers (Vicar)                   19September 2018

Community Web Kit provided free by BT
Cookies and Privacy | Charity Number: xn6800