Data Protection - GDPR

The General Data Protection Regulation (GDPR) will take effect in the UK from 25 May 2018. It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations. Parishes must comply with its requirements, just like any other charity or organisation.

Key people within Church House are attending training and information days to better understand the implications of GDPR, for the diocese and for parishes.  More information will be issued when it is available.  There are a number of information sources that can help start to think through the implications of the GDPR and what actions might need to be taken. 


  • The Church of England has produced a PCC Overview, Detailed Guide and checklist on the Parish Resources website here: GDPR resources.
  • Particularly helpful at giving an overview of GDPR for parishes is the FAQ produced by Parish Resources.
  • The Information Commissioner’s Office (ICO) has launched a dedicated advice line  to help small organisations prepare for a new data protection law.  The phone service is aimed at people running small businesses or charities and recognises the particular problems they face getting ready for the new law: ICO GDPR.
  • The ICO has produced an advice booklet that is useful for sharing with others: 12 steps to take now