The General Data Protection Regulation (GDPR) is a new regulation which aims to harmonise data privacy and protection laws across Europe. It is coming into effect on 25th May and will impact us all; it will also continue to apply in both Northern Ireland and the Republic of Ireland following Brexit.

GDPR aims to ensure that our personal data is used in a lawful, transparent and fair way. Personal data is any information about a living individual that can identify them such as their name, address, date of birth, PPS or National Insurance number, and phone number. Sensitive personal data includes very private and confidential information about an individual and must be treated with the utmost respect. It includes information about a person’s racial or ethnic origin, political opinions, religious belief, and physical or mental health, and also data relating to children aged under 16.

Each organisation within the Church of Ireland, including every parish unit, will need to:

1. agree who is in charge of managing data protection;
2. become accountable by reviewing all the personal information held;
3. develop policies, processes and notices; and
4. communicate – be informed and talk to staff, parishioners and other contacts.

The Representative Church Body is currently holding a number of seminars on GDPR and parish accounts. [Church of Ireland Press Office]