One of the most important initial steps for Managing Trustees to take to help them comply with the requirements under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 is to carry out a review of the personal information (data) relating to individuals that they collect and use. Once reviewed and recorded, the results then need to be kept up-to-date.
Step 2 of the 9 Steps for Methodist Managing Trustees to Take Now to Comply with GDPR (9 Steps) explains how to carry out the review in practice and why this exercise is so important. The easiest way to record the information collected during the review is to complete the Data Mapping Form for Managing Trustees. This has been produced by the Data Protection Working Party (Working Party) to assist Managing Trustees to set out what personal data they hold, where they get it from and how they use it, i.e. to carry out a data mapping exercise.
Please refer to the Non-Exhaustive List of Examples to help you to complete the Data Mapping Form for Managing Trustees. This list is based on the results of the Working Party’s data mapping exercise using a representative sample of managing trustee bodies.
Please use the final column of the Data Mapping Form for Managing Trustees to highlight any sharing partners as indicated on the form. Specific guidance on Sharing and other Ecumenical arrangements is being finalised and will be accessible from the guidance notes tab on the Data Protection page.
Please select whether you wish to download the form as a Word or pdf file. If you download in Word you will be able to type in the information required to help you carry out the audit.
If Managing Trustees have any queries then please contact TMCP (firstname.lastname@example.org) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (email@example.com).