Data protection: top tips to get prepared

In May 2018 new data protection regulations, known as GDPR, will come into force. The new regulations tighten the existing rules on data protection and will apply to everyone who collects, stores and processes personal data such as names and addresses, telephone numbers and email addresses.

If you are a church leader or trustee of a church or charity you will need to ensure that your church or charity is prepared for GDPR. We've got some tips and suggestions for good data protection procedures that should help you as you seek to comply with data protection law.

1. Tell people why you are collecting and storing their details and what you are going to do with them. If you intend to use email addresses or telephone numbers to make contact you will need to have asked permission to do so and recorded that you have that permission.

2. Remember that data protection law applies to paper files as well as electronic ones. If you store some personal data in paper form make sure it is stored securely, preferably in locked cabinets.

3. Keep personal data secure. Don't share member lists with your whole membership unless everyone on the list has given express permission for you to do so. Train your staff and volunteers on data security and only allow access to your database to those who really need it. For example, if a small group leader needs the telephone numbers of their group, don't give them a copy of your whole membership list just give them the specific data they need.

4. Don't display your membership list and their contact details in public. If you can, it would be a good idea to include some do and don't tips on the home page of your database to remind people of their obligations to keep data secure, alternatively a small poster on the wall where your staff work would be worth considering.

5. Make it easy for people to remove their name from your lists. Use unsubscribe links if you send out emails and make sure you act on them promptly.

6. Keep your records up to date and don't keep personal data for longer than you need. It's a good idea to remind your members that you need to know if any of their contact details change so that you can produce up-to-date listings on a regular basis.

7. Don't share your membership lists with other churches, organisations or businesses unless you have asked permission from everyone on the list and they have given you a very clear yes in response.

8. Make use of the free guides to GDPR published on the Information Commissioner's website https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/. The 12 steps to take now document will be particularly useful for those just starting out: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

9. The Information Commissioner's office has recently opened a telephone helpline for small organisations so give them a call if you want to talk through what is required: 0303 123 1113