If a church holds personal data either on a computer or in a paper-based filing system it must follow the rules set out in the Data Protection Act and, from 25 May 2018, the new General Data Protection Regulations (GDPR). This leaflet, which has been revised to take the new GDPR into account, explains what this means for churches. It should however only be taken as general guidance. If churches have questions that fall outside the scope of this leaflet then we would advise that you contact the Information Commissioner’s Office for their advice.
Please note that we now have web-page dedicated to Data Protection which includes a template policy for churches. This can be found at www.baptist.org.uk/gdpr