GDPR Myth Buster

GDPR

To properly administer a Life Event service, whether a wedding, a funeral or the baptism of a child, you need to collect data, and from a pastoral perspective it makes sense to use that data to build and maintain a relationship after the service. You will want to invite a recently-baptized child and their family back to church, to support them on their spiritual journey. You might like to contact a married couple on their anniversary, or offer marriage counselling. For those who have experienced a church-led funeral, whether at church or at a crematorium, you may wish to send cards, offer bereavement support, and of course remember them in prayer.


Can I still do all of this now that GDPR is enshrined into law?

Yes, if you are in regular contact with those people, then this is covered under ‘legitimate interest’ and you do not need consent to keep in touch. If you are not in regular contact, you should ask the person/people if they would like to stay in contact. If they indicate they’d like you to stay in touch, follow this up by getting them to fill out a ‘keep in touch’ form. There is an example of this on the Parish Resources website along with plenty of guidance about GPDR which has been designed to support parishes and their work – http://www.parishresources.org.uk/gdpr/

A simple key thing to remember around GDPR for churches is that a good deal of your processing of data will be based not on consent, but on one of the legitimate interests allowed for managing the administration of the parish and providing pastoral support for your parishioners.


Can I share data with third parties?

Yes, with consent, so for example, if a family member asks you to make arrangements with a Funeral Director on their behalf, then you are allowed to share any personal information about the bereaved family with the Funeral Director so long as that information is necessary for the purpose of providing the funeral service.


What about praying for people – is that affected?

A particular fear of some churches is that they will no longer be able to encourage people to pray for someone by name. Once again, it’s all about context. If prayer requests are spoken in church, then this is fine, you do not need consent. However, if people’s names and reasons for the prayer request are recorded and published on the church website or in a parish newsletter, you will need consent.  Your common sense and pastoral sensitivity should give you a good feel for what is or is not allowed when it comes to public prayer, and if in doubt, simply let the family or individual know that you would like to widen the prayer circle, and give them the opportunity to decline.

Before GDPR came into force in the UK on the 25th May 2018 the Life Events Team created the video below, which, while it talks in the future tense, is still a very useful resource.




This Baptist Church website is powered by Church Edit | Privacy Notice