Data Protection

The General Data Protection Regulation (GDPR) came into force on 25th May 2018. This is an E.U. piece of legislation which is now incorporated into U.K. law. The Data Protection Act 2018 replaces the Data Protection Act 1998.

All organisations handling individuals’ personal information are obliged to act in accordance with best practice and will face the prospect of significant fines for non-compliance.

The main change is in the fact that it will no longer be enough to do the right thing; we will all now have to produce the evidence that we are doing so and that we are doing so thoughtfully and deliberately.

The Church of Scotland Law Department has produced much useful information on the subject and I would encourage all involved in processing data on behalf of their Church to acquaint themselves with its content; available on the website, under Resources / Law Circulars / Data Protection. In particular, there is a new GDPR training webinar available on the website.

Each congregation is responsible for complying with the requirements of the GDPR, as detailed in the Minutes dated 23rd October 2018:
“The Presbytery instruct all Congregations within the bounds to ensure that Congregational Office Bearers access and make use of the range of resources prepared by the Law Department to enable compliance with the terms of the General Data Protection Regulation from 25th May 2018.”

Any queries on the subject should be directed through the Presbytery Office or the Church of Scotland Law Department.