Data Protection - Guidance for Churches and Circuits

The District’s Data Protection Resource Group are here to provide support with your data protection problems and queries. Below are some useful links and top tips that may prove helpful, but if you require further support, please get in touch with the Resource Group via admin@methodistlondon.org.uk.

Privacy Notice

All Churches and Circuits require a Privacy notice. A Privacy Notice is simply a document which tells everyone what type of data you might hold on them, what you do with that data and more importantly what you won’t do with their data and how you’ll keep that data secure. Click here for all the information you need to know about your Privacy Notice - https://www.tmcp.org.uk/about/data-protection/managing-trustees-privacy-notice And to download a template notice click here - https://www.tmcp.org.uk/kcfinder-uploads/files/managing-trustees-privacy-notice.pdf

Data Map

A data map is effectively a list of all the data your Church or Circuit holds, with a little extra information thrown in, such as what is the data for, do you need/have consent, how is it held securely, how long will you retain it etc. Until you do this exercise, you probably don’t realise just how much data your Church or Circuit hold. Once you have a primary document of your data map, it is just simply a case of reviewing it annually (or more often) to add any additional types of data or changes to the way you hold it etc. A template data map can be found on TMCP’s website - https://www.tmcp.org.uk/about/data-protection/resources/standard-documents-and-forms/data-mapping-form

Consent form

Not all of the data you hold requires consent from an individual. There is a vast amount of information out there about the lawful basis to hold data which in turn will tell you whether you need consent, but put simply: An individual’s information must be given freely without any consequences if they decide not to give you their data; Needs to be specific and informed, i.e. do they know/understand what they are consenting to and have you provided options for their consent, i.e. what type of information are you sending them, would they prefer to be contacted by email/phone/post etc. Keep your consent information/options easy to understand The consent needs to be explicit If you need a template consent form on TMCP’s website you can find it here - https://www.tmcp.org.uk/about/data-protection/resources/standard-documents-and-forms/consent-form

Processor Record

This operates as an index to your data protection work. It points to who in your church or circuit takes responsibility for data protection, names all the documents you should have and where they are kept. You can download a template and an example record here - https://www.tmcp.org.uk/about/data-protection/resources/standard-documents-and-forms/processor-record

Training opportunities for 2024

2024-02-21

2pm

4pm

Data Protection Training: Back to Basics

Do you find data protection confusing, overly complicated and onerous? Join the District’s Data Protection Resource Group as we rewind and take you back to basics. We’ll be covering:

What is data protection and why do we need it in our lives
What is the data protection checklist we hear about every year?
Breaking down the jargon (Data Mapping, Data Protection Privy Notice, Consent Vs Legitimate Interest, Security, Data Processor Record)
Data Protection in context of the Church

This will be held online.

Book here

2024-05-08

10am

11:30am

Data Protection Checklist Drop In Session

Members of the District’s Data Protection Resource Group will be on hand to answer church/circuit questions. The session is for anyone to drop in (at any point over the 1hr 30 minute period) with a question on general data protection and/or the data protection checklist.

Book here

Data Protection Top Tips

Data Protection doesn’t have to be scary and onerous. Most of the requirements are common sense. Ask yourself “would I want my personal data handled this way?” – if the answer is no, think about the steps you might need to take to provide more security/better management or better processing techniques.

Keep your data in one place. Try to maintain your data in a spreadsheet, database or CRM system. These systems make it easier to manage, process and maintain your data. The more sophisticated the software, the more it can integrate with other systems and tools you use (such as email), but you can just keep it simple in a spreadsheet.

Do an annual data review – stick it in the diary at the same time every year and review what you hold.

Minimise the data you hold. Consider ‘want’ versus ‘need’. If you ‘need’ the data in order for your church and/or circuit to function, chances are you will have a lawful basis to hold that data and a requirement to process it. If you ‘want’ the data, you probably shouldn’t retain the data without consent, and you’ll also need to consider why you want to retain it.

Destroying data – don’t be afraid to simply remove data you don’t need. There are lot’s of great data savvy shredding companies out there who will come to your offices, shred documents securely and provide certification of it’s safe and secure disposal

Secure storage doesn’t have to be a multi-factor authentication encrypted password spreadsheet. Secure could just be a locked office or a locked drawer – a place away from eyes and locked so that it cannot be mislaid or picked up by someone who should not have access to the data. If, however, your data is electronic (as most is these days), take advantage of built in passwords/encryptions. A quick google search will help to sort this out. An easy tip to remember, is clear your desk each day, and lock your computer screen when you walk away (or set it so it auto locks after 5 mins of inactivity)

After all that – don’t forget to complete your annual data protection checklist by 31st May 2023. The District will send details of the form via your Superintendent and Circuit Administrator, or you can contact the Data Protection Resource Group for a direct link to the form to complete.

Do you have a top tips you would like to share with the rest of the District? We’d love to hear all of them and share them with our churches and circuits.

Do remember that the District’s Data Protection Resource Group is here to support all of our churches and circuits across London.

Click here to email the Data Protection Resource Group