Since May 2018 it’s been a legal requirement for every church to conform to the General Data Protection Regulation, which dictates how you can use people’s personal data. Our Data Protections experts have explored all the ins and outs of GDPR so that you don’t have to.

GDPR in practice…

It’s the first morning of your church’s holiday club. Volunteers are buzzing around; parents and children are beginning to wander through the door. Excitement is mounting. You’re ready with your registration sheet to take names, addresses, phone numbers and dietary information so you can keep in contact with the family.

Or perhaps you’re looking through the new list of church members, updating addresses and phone numbers, trying to format it all.

Sound familiar?

But what do you do with the information you’re holding? How do you keep it? How do you make sure it’s safe? These questions became even more important in 2018 when changes in data protection law came into force.

In 25 May 2018, the 1998 Data Protection Act became replaced by the General Data Protection Regulation (GDPR).

This means changes for how your church handles personal information and it also means more consequences for you when information isn’t properly looked after. Since May 2018 churches have had an even greater responsibility to care for the information that the mum from holiday club scribbled down on a registration form.

What does it mean for your church?

So what’s happened and what does it mean for your church? How can we love our church families and communities well as we seek to honour God in this? Here are some questions and pointers to get you thinking how to approach this positively:

Review your current procedures

What personal information does your church keep? Addresses, phone numbers, email addresses or members or other contacts? Who uses this information? How do you store it?


One the major changes which came in with GDPR is how you get consent for the information you hold. Consent needs to be given clearly in a separate form. Do you have a process for this?

Storing information securely

How do you store the information you hold? If it’s paper copies, are they securely stored? If it’s stored digitally, is it encrypted? Who has access to the information?

GDPR means churches need to be more aware of securing information from any ‘data breaches’. Your church is responsible for looking after the information that people trust you with.

Using information responsibly

Do you have someone who is responsible for data protection in your church? How long do you keep information for? Why do you keep it? Get thinking about how you can incorporate data protection in the planning level of all your events. Get used to factoring it into your planning and processes.

This may seem like a lot of information to take in, but don’t panic! We’ve done a lot of the thinking for you and you can read the details in this free booklet. To help you implement these changes, we have produced a pack of model documents which are available for you to buy. This pack includes:

  • Data protection policy and guidance
  • Information security policy
  • Draft privacy notice
  • Retention of records policy
  • Complaints process
  • Audit checklist for compliance
  • Breach procedure

We hope this pack helps you to serve your congregations and communities in a God-honouring way as we navigate our way through these changes.


This information has been provided by solicitors working for Edward Connor Solicitors. It is designed for the purpose of knowledge sharing only and does not constitute legal advice.

Please give us a call if you want to talk through your requirements and find out how we might be able to help you.

call us email us