Data Protection: Parishes and GDPR

In 2018 the General Data Protection Regulations (GDPR) replaced the Data Protection Act (DPA 1998).  Brexit has not made a material difference to the regulations. 

While the GDPR contains all the same principles as the DPA, there are some additional requirements, in particular regarding the need to obtain proper consent to retain personal information about a living individual. In addition the regulations increase the rights of an individual in respect of how their data is kept and includes the right to be “forgotten”. Read more on the differences here

You will be able to get a good overview of the GDPR requirements by reading the documents on this page.  The templates at the end – particularly the Audit Form, the Privacy Notice and the Consent Form – will help make your parish compliant to the GDPR requirements.

Explore these pages for more:

GDPR Training

Parish Buying has negotiated discounted rates on GDPR training with provider Me Training.  Each course costs just £10 and there are five levels, ranging from Basic to Advanced.  You can book through Parish Buying by following this link.  (Free registration is needed.)


You might find these templates useful for your parish GDPR admin:

Last Updated

14 Mar 2024 – updated Churches’ CCTV Policy Template V.2.0