GDPR Top Tips for Parishes

Below are the top 10 tips for all of the Safeguarding Team, Volunteers, Parish Activities Staff and for all who play a role in safeguarding in the Diocese of Down and Connor.

The points below are only a summary and all members should look to the general Privacy Notice for the Diocese of Down and Conor for best practice, a copy of which can be found here. A summary of these Top Tips for Parishes can be viewed, downloaded or printed here.

1. You must fully understand why you are collecting and holding personal data.

2. You must be aware of the personal data we hold. This information includes name, contact details, gender, age, date of birth, marital status, nationality, education and work history.

3. You must be aware of the “special categories” of personal data that we may collect, which is sensitive data like information about a person’s race or ethnicity, religious beliefs, sexual orientation or sexual life, medical information about physical or mental health, political beliefs etc.

4. You must be aware of how we process personal data. This means keeping personal information up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts; by protecting personal information from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate organisational and technical measures are in place to protect the personal information. For example, if information is leaving the locked parish office it must remain securely in a locked briefcase with a member of staff or trained volunteer at all times until it is returned to the parish office and secured in accordance with our security policy.

5. You must only process personal data when we have a lawful reason to do so. For example, when the individual gives us their consent or we have a legitimate interest or legal obligation to process the information. If you are in doubt, please seek further information from The Diocesan Data Protection Officer at dataprotection@downandconnor.org.

6. You must know with whom we can share personal data with. Personal data is to be treated as strictly confidential and used only for the purpose for which it was obtained. The general Privacy Notice for the Diocese lists in more detail with whom we can share the information but members must note the importance of the data being strictly confidential.

7. You must be aware of how long we can keep personal data in accordance with our Data Retention Policy.

8. Be aware of the rights the individual has to their personal data and when these rights may be limited in certain situations. Rights may only be exercised by the individual whose information is being held by the Diocese or with that individual’s express permission. Note that Parents do not have an automatic right to see information about their child or to prevent their child from making a request to the Diocese. If in doubt, please seek further information from The Diocesan Data Protection Officer at dataprotection@downandconnor.org.

9. Be aware of the complaints procedure the Diocese of Down and Connor have in place and who individuals should contact if they are unhappy with any aspect of how their personal data is being dealt with.

10. Know the general Privacy Notice for the Diocese of Down and Connor, it has been listed below and all members of staff and volunteers must be familiar with it.