Data Protection Documents
From this page you can access the following documents which are intended to help our churches comply with the new Data Protection legislation (GDPR)
Please note that we will update these as and when further information or advice becomes available from the ICO or our solictors. Once we have updated a document we will note this in the list below.
We have now added a suggested Data Retention Schedule for churches to this list of documents.
The BUC Guideline Leaflet L13: Data Protection
should be read by at least one person in your church. Among other things this includes a Checklist and Action Points which churches will find helpful to work through as well as some ideas for training within your church.
Updated on 15 May 2018 to include a new section (5.4) about Data Impact Assessments and a new clause for church privacy statements to cover sharing names and contact details with the Baptist Union and relevant Associaiton
Updated on 11 April 2018 to amend references to Data Protection Officers and update the sample privacy statements accordingly
Updated in March 2018 to include the new information on ICO registration and fees.
for use in a Church Meeting or other similar gathering.
We have a PowerPoint Presentation
(also available in PDF format
Feel free to adapt these for your own use including correcting any spelling mistakes or incorrect punctuation!
A Frequently Asked Questions document
which we will add to regularly as new questions are asked. [Updated 23 May 2018]
May update has clarification about US-based companies who store or prcess personal information
Now includes clarification that churches do not need to appoint a Data Protection Officer, link to the ICO guidance on CCTV, more advice on obtaining consent where this is needed and how to check if the US-based company you use to store or process data is deemed to have 'adequate protection'
Sample Privacy Statements
as a Word Document [Added 11 April 2018 and updated with new clause in the first sample privacy notice on 16 May 2018]
and a sample Contact and Consent Form
[Available as a Word Document
and in pdf form
] for collecting information from Church Members (and regular attenders) [Added 25 April 2018]
Please note that all of these are samples and must be adapted to suit your own church's practices and procedures. When producing a form to collect information please remember to only collect the information you actually need.
A Template Policy for churches
to adapt as appropriate and adopt. This is available as a Word Document
and in pdf form.
Please note that this should be read alongside our Guideline Leaflet (L13)
. Not every part of this policy will be relevant to all churches. [NOTE: This was updated on 25 April 2018 with further revisions to clause 5.4]
A basic Information Audit Template
to help churches to identify and compile a list of the information they process. This will help with Sections 13 and 16 of the Template Policy and is available as a Word Document
and in pdf form. [NOTE: Revised version added 01 March 2018. This has an adiitonal column to record where consent records are kept]
We have produced a suggested Data Retention Schedule
for churches to adapt for their own use. This is available as a Word Document
and in pdf form.
Some of the time periods given relate to legal requirements and other are 'Good Practice' and we have indicated this in the document.
Data Protection Guidance is that personal information should not bekept for any longer than you need it. Individual churches will need to decide what that means in their own context.