Article 30(2) of the General Data Protection Regulation (GDPR) includes a requirement for processors (those within the Church who handle personal information), to keep records about the personal information that is processed (dealt with). To help Managing Trustees keep the required records, TMCP has produced a Template Processor Record for Managing Trustees to be used as part of the general data protection toolkit of policies, guidance and templates. The record is based on the template produced by the Information Commissioner’s Office (ICO) but has been adapted for use within the Methodist Church and completed as far as possible by TMCP to help Managing Trustees. Please also refer to the Worked Example available to download on this page.
Use the Template Processor Record for Managing Trustees to provide a central record of the different data protection documents and records used by Managing Trustees to show that you are complying with the requirements of data protection legislation. This is part of the so called “accountability” principle in Article 5(2) of GDPR.
How to use the Template Processor Record for Managing Trustees (record)
The record is a template; although TMCP has ensured that it already includes much of the information that Managing Trustees are required to record, you will need to add some information relating to your specific managing trustee body. Details of the controllers and links to the relevant overarching policies and Managing Trustees’ Privacy Notice have been provided. All Managing Trustees need to do is complete the information specifically relating to their managing body. The sections that need completing are shown by the white boxes numbered (1) to (13).
Note that the information required in boxes 1 to 12 of the record is limited to contact information and details about where other data protection records are kept locally.
Box 13 (in table III "Record of Processing Activities") the part of the record titled “Categories of Processing”) needs completing to indicate whether any personal information is transferred to countries out of the EU or to international organisations e.g. if details of members were sent overseas as part of a volunteer programme. In this case details also need to be given in the Annex about what additional security measures are put in place. The Annex does not need completing if there are no transfers outside of the EU.
Reviewing the record
Diarise an annual review date to check that the record is up to date. The easiest way to do this would be to; (1) check whether there have been any updates to the Managing Trustees’ Privacy Notice since you last downloaded the form and (2) check whether any of the details you have entered have changed such as the local contact or the storage location of the various records referred to.
The template record is available to download as a Word file. This enables you to type in the information required to help you to keep your record.
If Managing Trustees have any queries then please contact TMCP (email@example.com) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (firstname.lastname@example.org).