Following several enquiries about GDPR and if it affects the Electoral Roll, below is the answer from our legal team:
The forms are prescribed and included as part of the Church Representation Rules, (part of the Synodical Government Measure 1969). If they were to be amended it would mean they would have to go through the legislative process, which would take some time.
In any event, I view the processing of personal data in relation to the electoral roll in the following manner:- Although the data is, by implication (if nothing else), sensitive personal data because of its connection to religious belief, the processing of this data relates to members (or individuals in regular contact with the PCC). This processing under the CRR can be seen as a legitimate activity of the PCC (i.e. a not-for-profit body), (see Art 9(2)(d) of the GDPR) carried out under the CRR.
In addition, the “Form of Notice of Revision of Church Electoral Roll” states that a copy of the revised roll shall be exhibited for not less than 14 days on, or near to, the principal door of the Parish Church for inspection. Indeed, under r.2(1) this “Form of Notice” of the intended revision is itself published on or near the church door of every church in the parish and every building licensed for worship and will remain there for a period of not less than 14 days prior to the revision, making individuals aware that the revised roll will be published, so giving them a chance to object. So, that by applying to have their name entered on the electoral roll they are already consenting to its publication in the manner set out above. Indeed, I think an individual would be hard pushed to argue that their name shouldn’t be published in this manner, if they apply to be on the electoral roll.
(In any case, in terms of the 2018 round of APCMs, the GDPR will not apply at that time (so the DPA 1998 will continue to apply) because it does not come into effect until 25 May 2018.)