Main points of Parochial Church Council Meeting.
Data Protection (GDPR General Data Protection Regulation. 25 May 2018) and Electronic Records.
Leigh church, having no office, no central list of members (beyond the Electoral Roll), and no general mailings, has a relatively simple task in complying with data protection law relevant to personal data held.
Further, registration with the Information Commissioner is not needed because data held, as disclosed by a data audit, falls within the five categories stated by Rochester Diocese to be exempt from registration. The data, that is held, is on the computers of individual church officials; the purposes for holding it are (i) to give information about, and to court support for, church activities, and (ii) to notify individuals about facts relevant to them, such as dates on rotas when some task is expected. None of this data is passed on to other organisations.
Particular steps pursuant to GDPR requirements are the institution of two offices, the Data Controller and Data Compliance Officer. The Data Controller has to ensure overall compliance, and is, by diocesan recommendation, The Incumbent. The Data Compliance Officer’s job is (i) to ensure awareness of the requirements of law and policy, and (ii) to be ready to handle issues arising, in particular out of (a) the eight rights, (b) any request for a Subject Access Request (“SAR”), and (c) a personal data breach, with its obligation for action within 72 hours. This officer is to be the Churchwarden.
Fuller detail is available on websites - of the Church of England (http://www.parishresources.org.uk/gdpr/)
of Rochester Diocese (http://www.jameslangstaff.co.uk/wp-content/uploads/2014/11/Bishops-Guidelines-2017.htm#_Toc499920029and http://www.rochester.anglican.org/resources/gdpr
and among the documents listed in the appendix to this handbook
Dioc GDPR - Q&A for PCCs.pdf
Dioc GDPR - A Guide for PCCs, &c.pdf
GPDR Rochester FAQs.pdf