Here are four things I would encourage you and your church to think about as you contemplate that pile of forms and permissions that probably sits in the ‘pending file’ on your desk or at the back of an overcrowded filing cabinet.
1. Maintain it
Even as the ink dries or the PC sign up is clicked, the information you have been given will already be out of date (sorry!). Permissions given can be rescinded, circumstances change or data become obsolete; whilst new people can join or connect with your church all the time.
Give some thought to creating a process whereby the data and information you hold is regularly reviewed and updated where necessary, ensuring you continue to seek and hold the necessary permissions for everyone with whom you are in contact.
Experience suggests that it is easiest to do this, for new contacts, as early on in a relationship as possible, so for example, get any GDPR related forms filled in and signed as part of a welcome process, baptism visit or similar, rather than waiting until a ‘later’, which may never come.
Periodically checking that the data you already hold is accurate can also have many other benefits. Having a regular pattern of checking in with members and contacts to ensure what we know about them is still accurate, done sensitively and not too often, can, for example, offer many pastoral opportunities. Also think about a periodic reminder, for those that never got round to filling in that form in the first place, that it is still not too late to do so.
Holding an accurate and up to date ‘pastoral list’ will also save your clergy and pastoral teams endless hours searching for addresses, phone numbers etc. There are, however, clear GDPR guidelines on how we store data and access data.
2. Own it.
GDPR legislation largely reinforced pre-existing data protection rules on how and by whom data should be stored and used.
Many churches, as part of the process prompted by GDPR, undertook a ‘data audit’ and this may be an excellent opportunity to do so if you have not already.
This can sound intimidating, but does not have to be. You are really just seeking to discover who has access to what information and how they use it.
It is fair to say that churches have not always been good at this, with for example, the Sunday School leader, Treasurer, flower arrangers and bell ringers all holding their own ‘lists’ and versions of personal information and all using them to communicate on behalf of the church. In essence, whilst a degree of practicality is required, we need to remember that if someone is communicating as the church, whoever they are and whoever they are communicating with, they should use and store data in accordance with the GDPR legislation by which they are bound.
Fortunately, others have wrestled with these issues before and there are now, for example, a variety of excellent and cost – effective technological solutions available for churches that can offer options to manage data well and which comply with GDPR. If you have not already gone down that route, and it might be appropriate, please consider attending our upcoming ‘Technology for the smaller church’ Area Training Day.
3. Use it
All this lovely new information also gives you an opportunity to think again about how you might communicate with those who have agreed to stay in touch with you.
Much has been written on the area of church communication, but, as for data storage, technology now allows us to do so much more creatively and personally with our members and contacts.
Maybe consider commissioning a diverse group from within the church family and also your wider community to review what the church currently does and bring forward recommendations for developing both internal and external communication, using the extra and hopefully more accurate information you now hold? If you are stuck for ideas, why not use our on-line forums to ask others what communication mechanisms work for them?
4. Review it.
GDPR legislation also means that obsolete data must be deleted and individuals also have what is being called the ‘right to be forgotten’. If you have not already done so, consider scheduling in to your future plans a discussion of when and how you will remove the records of those who have left the church, lost contact, died etc. and consider documenting this in a ‘data retention’ policy for the church. You will also need to think about how you will manage any ‘right to be forgotten’ requests that you may receive. It is important that you involve you Treasurer and / or Finance team in this conversation as the financial and tax records they hold have distinct rules that they must adhere to.
In many churches, and indeed other organisations, GDPR became a ‘dirty word’ and a cause of stress for a few months earlier this year. Reaching the 25 May was therefore, and rightly greeted with a huge sigh of relief, not least because all our in boxes suddenly stopped getting those ‘requests to stay in touch’ emails from people who we did not even know had our information. However, to both fully comply with GDPR and to make full use of the opportunities GDPR offers, the work needs to continue on that ‘fistful of data’ you now have.