One of the most important initial steps for Managing Trustees to take to help them comply with the requirements under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 is to carry out a review of the personal information (data) relating to individuals that they collect and use. Once reviewed and recorded, the results then need to be kept up-to-date.
Step 2 of the 9 Steps for Methodist Managing Trustees to Take Now to Comply with GDPR (9 Steps) explains how to carry out the review in practice and why this exercise is so important. The easiest way to record the information collected during the review is to complete the Data Mapping Form for Managing Trustees. This has been produced by the Data Protection Working Party (Working Party) to assist Managing Trustees to set out what personal data they hold, where they get it from and how they use it, i.e. to carry out a data mapping exercise.
Please refer to the Non-Exhaustive List of Examples to help you to complete the Data Mapping Form for Managing Trustees. This list is based on the results of the Working Party’s data mapping exercise using a representative sample of managing trustee bodies.
Please note that the Data Mapping Form does not require Managing Trustees to record which legal reasons (lawful bases) they are relying on to use personal data for the purposes indicated. This exercise has been completed by the Working Party (using the information collected by them in their own data mapping exercise) and the lawful bases being relied upon by Managing Trustees are set out in the Annex to the Managing Trustees’ Privacy Notice. The Managing Trustees’ Privacy Notice, sometimes called a “privacy policy”, is required under data protection legislation and communicates certain information to individuals about the collection and use of their personal information by Managing Trustees including the lawful bases being relied upon. Please refer to Step 3 of the 9 Steps for further information on the privacy notice and the article; New – Privacy Notice for Managing Trustees.
Please use the final column of the Data Mapping Form for Managing Trustees to highlight any sharing partners as indicated on the form. Specific guidance on Sharing and other Ecumenical arrangements is being finalised and will be accessible from the guidance notes tab on the Data Protection page.
Please select whether you wish to download the form as a Word or pdf file. If you download in Word you will be able to type in the information required to help you carry out the audit.
If Managing Trustees have any queries then please contact TMCP (dataprotection@tmcp.org.uk) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (dataprotection@methodistchurch.org.uk).
v2.0