Consent is just one of the six lawful bases on which Managing Trustees can deal with (process) personal information (personal data). (See the Lawful Bases Guidance Note). However, when Managing Trustees do need to rely on consent to handle personal data (see the Annex to the Privacy Notice), they need to keep a record of how and when consent was given. This is a requirement under Article 7(1) of the General Data Protection Regulation (GDPR).
Please refer to the Annex to the Privacy Notice for details of when consent is required and the “Identifying a Lawful Bases Charts” in Section B of the Lawful Bases Guidance Note for an explanation of why and when consent is required. Lawful Bases Fact Sheet 4 - Consent provides further details on consent and the need to keep records.
Following discussions with Managing Trustees the Consent Form has been updated and, individuals should now use a ‘key code register’ system to provide details of their various consent preferences. Managing Trustees should use the key codes to complete the third column of the table on the template Consent Record to record individual’s preferences, which has also been updated.
For example, an individual may consent to their full contact details being published in a publically available Church Directory but may wish only to have their email address published in a publically available Newsletter. In this scenario the consent codes would be recorded as follows (you should refer to the Consent Form for full details of the key codes):
1 (Church Directory) - N (name); A (address); E (email address); P (phone number); M (mobile number).
3 (Newsletter) - E (email address)
Once you have received the completed Consent Forms from church members, adherents etc. you should complete the Consent Record . This will provide you with an audit trail which will help you if you are challenged, as a data processor, and demonstrate compliance with data protection legislation in line with the “accountability” obligations (see the Lawful Bases Fact Sheet 4 - Consent).
Using the examples above, the Consent Record should be completed as follows:
|Who consented?||When did they consent (date of consent)?||What Consents have been given?||What were they told at the time?||How did they consent?||Has consent been withdrawn?|
|Mrs Smith||1st March 2020|| |
1 – N, A, E, P, M
3 - E
|Mrs Smith was referred to the Privacy Notice and the Consent Form||Via the Consent Form|
Keep the record of each consent for as long as you are relying on it to process personal information (data). Keep the Consent Record in a safe place in accordance with the Data Security Policy.
Please select whether you wish to download the Template Consent record as a Word or pdf file. If you download in Word you will be able to type in the information required to help you to keep your record.
If Managing Trustees have any queries then please contact TMCP (firstname.lastname@example.org) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (email@example.com).