The new General Data Protection Regulations came into force in May 2018. Since that time much has been clarified by the church as to what this means to us by virtue of one's membership, what information we can hold and for what purposes it can be used.
The Methodist church has a detailed Privacy Notice that explains the legal basis on which we can carry out our 'business' or duties of the church. A copy of this can be found in each church in
the Public Documents file.
The changes brought in by GDPR do not now seem to be as far reaching or alarming as perhaps was feared from the media coverage and information initially available. In effect, what these regulations do is to promote and provide a legal framework for us to demonstrate care, consideration and respect in our handling and dealing with the personal information that we
Care in how we store and record information and with whom we share it – in that we take the time to make sure that the information we hold it is up to date and accurate.
Consideration as to what information we need and therefore what information we should hold. We should not presume that we are entitled to know everything. We should also show consideration as to how we use the information that has been given to us.
We should Respect a person's right to confidentiality, respect their right to say when and if their information is shared(acknowledging that there are some exceptions to this). Respect the decision about how they wish to be contacted and what they wish to be contacted about. Respect an individual right to see the information we hold about them and to have that information deleted when no longer required.
For many people who volunteer or work within the church this is not be a significant new way of working as they already incorporate the ethos of care, consideration and respect into roles they undertake. Perhaps what GDPR does, is to provide more formality, consistency and structure to this way of working and it places a duty on ourselves to be able demonstrate this in respect of the personal information that we hold. Not just demonstrate this to the Government, Connexion, District, Circuit or at a local level, but perhaps most importantly we are able to demonstrate this to the individuals whose information we are entrusted with. This guidance will hopefully enable us to do that and to also provide a framework that will demonstrate due diligence in respect of our responsibilities.
This guidance is intended to be a working document and as such will be added to, amended and reviewed as new information becomes available.