The GDPR Challenge for Churches

The Church Consent Register is designed to help churches of all denominations comply with the legal requirements of the General Data Protection Regulation , especially when sending out bulk email communications to members of their congregations.

New Data Protection laws apply now.

The new European General Data Protection Regulation (GDPR)  replaces the 1998 Data Protection Act. It gives individuals more rights and protection in how their personal information is used by organisations.

The act applies to church parishes – just like it does to any other charity or organisation.


Information is Key

In this information age, what details you hold and what you do with them are key. This is the focus of the new General Data Protection Regulations. Traditionally, information relating to congregation members would be held in filing cabinets – either in a church office or at the vicarage. Today, the same information is much more likely to be held electronically.

The new rules require that you allow a person access to see their own information that you hold – reagrdless of where it is or how it is held. There are also provisions for them to be given copies. Furthermore, you are required to correct any information which is inaccurate or out-of-date.

Your members also have the right to know what you will be using the information for. Just having information does not give a church the right to use it however they wish. For example – a parishioner may be happy for you to hold their address and telephone number so that you can visit them when they are ill, but may not be so happy for you to publish this information in a parish directory which is available to everyone. So for this, you will need their consent.

Here, too, the Church Consent Register will help. It can be used to tell your congregation what information you are holding and what use you intend to make of it.

Congregation Emails

Sending emails is rapidly becoming the preferred method for the parish office and incumbent to send information to members of the congregation.

However, the last few years have seen an explosion of unsolicited emails. Whilst the ability to communicate with someone cheaply, quickly and accurately is to be welcomed, we seem to have become bogged down in email-overload. Not all emails are of interest to us – and some are definitely not wanted. Every day, it seems, we read in the press of emails promoting some scam or other – or even carrying viruses.

Under the new regulations, emails may only be sent with prior consent. No longer is it permissable to sent out unsolicited emails to everyone in the congregation. Only those who have given their consent may be emailed. What’s more, consent must be given for specific information. Blanket consents are not generally sufficient. Nor is it acceptable to assume consent just because you have received no ‘opt-out’ request or because you happen to have someone’s email address already in the church computer.

For example, you cannot email everyone on the electoral roll, or even everyone for whom you have a Gift Aid declaration, with fundraising communications. You need explicit consent.

This means that parishes must maintain lists showing which people have given their consent to be contacted via email – and for which subjects. And deciding which people can be emailed with, for example, an invitation to a fundraising event, can be time-consuming.

And this is where the Church Consent Register comes into its own. Using its library of email subjects, your members can pre-consent to which emails are acceptable.

The Incumbent Dilemma

The new legislation has additional problems for Church of England incumbents. Because they are not employed by the PCC, they are seen, in law, as being separate legal entities. This means that they are also subject to the same rules and regulations – but are unable to assume that any consents given to their parish apply to them also. Therefore they are required to hold their own separate register of consents.

Fortunately, the Church Consent Register is aware of this and maintains separate lists for them, automatically.

Multi-Parish Offices

With the shortage of clergy – especially in rural areas – it is now common for a single priest to be in charge of several parishes. This has, in turn, led to the formation of a central parish office which administers to several parishes. Where these parishes are combined into a single benefice under a single PCC then a single set of consent records will suffice.

However, where no such joint benefice exists, and each church in a group of churches has its own PCC, then they are all separate legal entities. Therefore each PCC is responsible for holding its own records.

But help is at hand. The Church Consent Register can be made aware of  these “umbrella” offices – and their component parishes – and will maintain records for each PCC concurrently. This will substantially reduce the maintenance effort by the office staff, the incumbent and all members of the congregation.

The Church Consent Register will help.

Click here to see how it will help you.