You may be surprised at just how much personal data is stored and processed in a parish. Ensuring your church is compliant with the GDPR is therefore important, and something you should revisit regularly.
Carrying out a Data Audit
Here are some questions to help you carry out an audit:
- What kind of data is being collected and stored, where and why?
- Which different church groups might store their own data? Make sure you cover them.
- How is the data used (i.e. processed) both internally and externally?
- How long is the data retained?
- Who has access to the data both inside and outside of the business?
- What procedures and controls are in place to keep data safe?
The Diocese of London have produced a Church GDPR Audit Questionnaire, which you may find useful when auditing your processing of personal data.