We're already seeing lots of churches work out how to implement their GDPR documents and do their audit. Software systems that are used by churches have been a big part of this, but are being implemented differently and with various approaches that are proving unhelpful for some.
First, please don't panic. 25th May is the day when legislation comes into place, but practically May 26th will feel very much like May 25th and May 24th. Armageddon has not arrived, but an obligation to be looking after our data well and with good, accountable, stewardship, has arrived.
By now, you should have:
- read through a guide to GDPR (see our excellent article by logging into your UCAN MyChurchSuite account and clicking on the GDPR tab.
- done a data audit through your office systems, and down through any teams or delegated groups that are delivering ministry in the church
- worked out how you would practically deliver a request for removal or viewing of the data you hold
- think through how you can engage with members of the congregation(s) to positively see what you hold on their behalf - it's an excellent opportunity to talk about accountability, ask about being part of a small group or serving team, and whether the gift-aid record for them is correct.
- Diary an annual review to check that what you think is in place is still in place, and that this audit reconnects/reminds people who may be holding data on behalf of your church.
Going forwards, operating GDPR compliance and requests has a similar workload and responsibility to safeguarding. It is your responsibility to make sure that you have the documentation under review each year, the processes running and reported to the senior management/pastors of your church, and ensuring that gaining people's explicit consent for their contact/personal information to be stored within your records is happening for each new person coming into your church congregation.
If you need help, please contact us - you are not alone.