GDPR and other Resources
There is considerable confusion and concern about what churches need to do to comply with the new General Data Protection Regulations (GDPR). The Methodist Church approach is not necessarily the same as that in other churches because of our structure as a national Connected organisation. We have 2 Data Controllers - one at TMCP in Manchester and another in the Conference Office in London.
General data protection issues relating to day to day matters such as lists of members, third party users of church premises and lay employees employed by local Churches, Circuits and Districts are covered by TMCP’s notification whereas data protection matters concerning safeguarding and complaints and discipline issues are covered by the Connexional Team’s notification.
If any data protection issues arise such as requests by individuals for information relating to the data held by Managing Trustees or breaches of security, first identify who the appropriate controller is and then contact TMCP or the Conference Office at Methodist Church House as appropriate. This includes any Data Subject Access Requests (SARs) that Managing Trustees receive from members or former members and employees of former employees of the Church.
Given the types of data protection issues that Managing Trustees are likely to face, the following rule of thumb can be applied:
Does the issue relate to safeguarding and complaints and discipline issues? => Contact the Conference Office at Methodist Church House.
Does the issue relate to any other data protection issues? => Contact TMCP Data Protection .
For lots more detailed advice and various templates look at the TMCP website using the following link
This page last modified on: Sunday 29 Apr 2018