*** DEBUG END ***

Don’t panic about new data law, churches told, after bishops focus on compliance over parish burden

09 March 2018

CHURCHES around the country face a looming deadline to comply with new data regulations that come into effect on 25 May.

There are fewer than 80 days until the EU’s General Data Protection Regulation (GDPR) becomes law. It has an impact on every parish, as well as the national Church.

GDPR replaces existing data-protection laws with more stringent regulations that give individuals more rights over the use of their personal data. There is an onus on every voluntary organisation, which includes parish churches, to become more accountable with regard to the data that they keep, and also more transparent in storing and using that data.

The Director of Libraries and Archives for the Church of England, Declan Kelly, has been leading the task of organising the transfer to the new regulation. He said on Tuesday that the Church was “telling people not to panic about this, because you are probably doing a lot already” in terms of managing data.

Implementing GDPR was “do-able” and “not scary”, Mr Kelly said. He acknowledged, however, that there were those who were “quite rightly concerned about the fact that this is a lot of work”.

Most dioceses have put on training days to help parishes prepare for the rule changes that are two months away.

The Canterbury diocesan director of communications, Anna Drew, said that her diocese had a “moral responsibility” to help churches to comply with the new regulations.

The Priest-in-Charge of St James’s, West End, near Southampton, the Revd Thomas Wharton, said that members of his PCC had been on training days, which had been excellent, and that churches had been working together to become compliant with the new regulations.

The diocese of Oxford’s director of communications, Steven Buckley, said that 17 courses offered by the diocese were fully booked, and that parishes had shown a high level of interest in learning more about the new regulations.

Mrs Drew said that, while it was “not a big leap” from the Data Protection Act to GDPR, parishes were worried by the amount of work that they needed to do. The “key thing [for parishes] is to show you are doing everything to be compliant”, she said.

Mr Wharton said that he first became aware of the new regulations last year, and appointed a PCC member to be data-protection officer. In the early stages, he “did not know quite where to turn”, but, “in the last year, there has been much more of a directive” from the national Church and the diocese of Winchester.

It had been “quite a massive task” to sort out the data for the parish, despite having a regular congregation of about 150. “Large churches have more data, but it is the smaller churches who find it more difficult. . . We are all surprised at how much data we have got.”

Mr Kelly said that the Church was already very careful with data protection; so the challenge should not be too big. “Given that we are already careful about data, the Information Commissioner [ICO] will be chasing big organisations that are playing fast and loose with data, or companies who have lost people’s data.”

GDPR was “about avoiding harm to individuals by misusing data”. Mr Kelly urged PCCs to consider: “If this was my data, would I be happy with how it is being treated?”

The ICO had issued fines in fewer than one per cent of their investigations last year: consent was not needed for every piece of data, and it was a myth that it all needed to be fully completed by 25 May.

Churches “have to get there [sort out their data protection] in a reasonable amount of time”, and the work should be “building on existing data-protection, which is something the Church was already doing well”.

Dioceses, such as Portsmouth and Norwich, have released guides, while the Parish Resources site has published FAQs and a help sheet for PCCs.

Nevertheless, there has been some bafflement among lay people that the Bishops’ effort has been on compliance with the new legislation rather than amending it to reduce the burden on unpaid volunteers in parishes and other small organisations, particularly given that the legislation’s primary target had been abuses by large corporations.

In a letter in the Church Times this week, a churchwarden in London diocese, Mark Stimpson, who praises the training that he received at a diocesan GDPR workshop, complains none the less: “The GDPR Bill has already had three readings in the House of Lords, but, as far as I am aware, not a single bishop has raised serious concerns about the impact that it will have on the voluntary sector. . .

“The bishops in the House of Lords should have been unflinching in their opposition to this Bill. . . Either they do not realise the impact that it will have on volunteers in their parishes, or they do not care.”

Browse Church and Charity jobs on the Church Times jobsite

Forthcoming Events

Green Church Awards

Closing date: 30 June 2024

Read more details about the awards


Festival of Preaching

15-17 September 2024

The festival moves to Cambridge along with a sparkling selection of expert speakers

tickets available



Festival of Faith and Literature

28 February - 2 March 2025

The festival programme is soon to be announced sign up to our newsletter to stay informed about all festival news.

Festival website


ViSIt our Events page for upcoming and past events 

Welcome to the Church Times


To explore the Church Times website fully, please sign in or subscribe.

Non-subscribers can read four articles for free each month. (You will need to register.)