GDPR – General Data Protection Regulation


The General Data Protection Regulation (GDPR) is a piece of legislation that came into effect in May 2018. It was new to everyone and has an impact on almost every organisation, charity, and PCC. Each diocese is working on how to support Cathedrals, DBF offices and parishes, and will be doing various things to achieve compliance.

If you aren’t familiar with GDPR, there are range of documents that you will find helpful in preparing for, and setting up your GDPR work. This page is the central resource for GDPR for us in Gloucester Diocese.

The key elements for every PCC are:

  1. A data policy
  2. A privacy notice
  3. Clarity on when you need explicit consent for when using/sharing data
  4. What you need for:
    • APCMs
    • Electoral Roll
    • PCCs


Background Information


What PCCs need to be aware of

  1. Overview of GDPR – Parish GDPR Fact Sheet
  2. Training slides from our diocesan workshops – GDPR training for Parishes
  3. Parish Guide to GDPR – Click here for the detailed guide
    Brief guide to Data Protection for PCC members – Click here


What PCCs need to do

  1. Data Audit Checklist – Parish Resources Data Audit Checklist Template
  2. Make a plan with questions to help you where you have gaps in your checklist
  3. Agree a parish template policy – Parish Data and Information policy statement
  4. Initial Privacy Notice for Incumbents and Initial Privacy Notice for PCCs

Do you have someone who can help you in the parish? We are hoping to have a working network of parish people. Let us know if you do. We are currently working on a mini role description for this position.


What PCCs need

  1. PCC Data Policy – Parish Data and Information policy statement
  2. Completed Audit Checklist
  3. Initial Privacy Notice for Incumbents and Initial Privacy Notice for PCCs
  4. Consent form template where you need one –
  5. Data/GDPR file to keep a record of all your plans, records and audit checklist!


Parish Resources

This is the hub for national resources and has detailed information and resources on GDPR

Once you have worked through these resources and identified any questions, please check our frequently asked questions section below.


What questions PCCs may have

  1. Privacy Notice vs Consent – Consent and Privacy Notice check out this document when you need either/both and add these to your plan
  2. Privacy Notice vs Consent –
  3. Frequently Asked Questions


Frequently Asked Questions

Check whether your questions have been answered on our Frequently Asked Questions page.

We have set up a ku.gr1718992544o.coi1718992544dsolg1718992544@rpdg1718992544 email account for very general parish based enquiries (ie not parish specific) – please do email us your questions and we will compile an updated FAQ and publish them here, with a generic mix of the most frequently asked questions, and highlight them on the diocesan website as a further way of people checking things out.

Privacy vs Consent Diocesan Document

GDPR – key messages PowerPoint


GDPR helpline

We have set up a helpline with our legal advisers VWV, (funded by the Diocesan Board of Finance) for parish specific enquiries that you may have from working through your checklists and templates.
The helpline number is: 0117 314 5311.
Each parish is eligible to one hour of dedicated GDPR legal advice from one of the team there.  (The hour may be cumulative too as you may have several questions over a period of time). Before calling VWV, we would ask that you have used all the resources above. VWV will be able to advise you on any questions specific to your setting.


Other information

As things progress and dioceses offer information and guidance we will add anything directly here that might be of interest. London Diocese also has a resource that you might find helpful.

ICO: An Overview of the General Data Protection Regulation (GDPR)

Parish Resources: GDPR

Church Representation Rules