Data Protection Law and Your Church

From May 2018 it is a legal requirement for every church to conform to the General Data Protection Regulation, which dictates how you can use people’s personal data. FIEC Practical Services have been exploring all the ins and outs of GDPR so that you don’t have to.

It’s the first morning of your church’s holiday club. Volunteers are buzzing around; parents and children are beginning to wander through the door. Excitement is mounting. You are ready with your registration sheet to take names, addresses, phone numbers and dietary information so you can keep in contact with the family.

Or perhaps you are looking through the new list of church members, updating addresses and phone numbers, trying to format it all.

Sound familiar?

But what do you do with the information you are holding? How do you keep it? How do you make sure it is safe? These questions will become even more important in May 2018 when changes in data protection law come into force. From 25 May 2018, the 1998 Data Protection Act will be replaced by the General Data Protection Regulation (GDPR).

This will mean changes for how your church handles personal information and it also means more consequences for you when information is not properly looked after. From May 2018 churches will have an even greater responsibility to care for the information that the mum from holiday club scribbled down on a registration form.

So what is happening and what does it mean for your church? How can we love our church families and communities well, as we seek to honour God in this? Here are some questions and pointers to get you thinking how to approach this positively.

Review your current procedures

What personal information does your church keep? Addresses, phone numbers, email addresses of members or other contacts? Who uses this information? How do you store it?


One of the major changes which will come in with GDPR is how you get consent for the information you hold. Consent will need to be given clearly in a separate form. Do you have a process for this?

Storing information securely

How do you store the information you hold? If it is paper copies, are they securely stored? If it is stored digitally, is it encrypted? Who has access to the information? GDPR will mean churches need to be more aware of securing information from any ‘data breaches’. Your church will be responsible for looking after the information that people trust you with.

Using information responsibly

Do you have someone who is responsible for data protection in your church? How long do you keep information for? Why do you keep it? Get thinking about how you can incorporate data protection at the planning level of all your events. Get used to factoring it into your planning and processes.

This may seem like a lot of information to take in, but do not panic! To help you implement these changes, FIEC Practical Services have produced a pack of model documents which are available for you to buy. This pack includes:

  • Data protection policy and guidance
  • Information security policy
  • Draft privacy notice
  • Retention of records policy
  • Complaints process
  • Audit checklist for compliance
  • Breach procedure

It is available to FIEC churches for £100+VAT and to non-FIEC churches for £150+VAT.

Please contact FIEC Practical Services to purchase the pack at or call on 01858 411569. They hope this pack helps you to serve your congregations and communities in a God-honouring way as you navigate your way through these changes.

Foundations Spring 2018