As highlighted in the GDPR Myths article, the General Data Protection Regulation (GDPR) does not mean that Managing Trustees need to obtain consent for everything. Consent is just one of six legal grounds (lawful bases) on which Managing Trustees can deal with (process) personal information. (See FAQ 2.1).

However, there will be some occasions when it is necessary for Managing Trustees to obtain consent. Consent is required wherever an individual’s information (personal data) is likely to be passed or transferred to a third party outside of the Methodist Church or Managing Trustees cannot rely on a different legal reason (legal basis) for using someone’s personal data.  Steps 5, 6 and 7 of the 9 Steps for Methodist Managing Trustees to Take Now to Comply with GDPR provide some examples of when consent may be required.

Many Managing Trustees want members of the public to engage with the Church, but people need to be aware of how their details are being used and given the opportunity to withhold their consent or limit the personal information that is made available.  Individuals may choose not to have their home or personal email addresses published for example, but could be happy for their name and telephone number to be published. One such example of a document which is often public is the Local Church or Circuit Directory.

The Working Party has received many queries about consent and requests for forms of wording to use, particularly in relation to Local Church, Circuit and District Directories. The Working Party is finalising detailed guidance on lawful bases but in the meantime a Template Consent Form has been produced for Managing Trustees to use and adapt where consent is required. Download this form by clicking on the link below. Please also refer to FAQ 2.2 for guidance on when consent is required for Directories.

Managing Trustees must remember to only collect information that is relevant and should not be holding excessive information.   A record should kept of what consents have been given by individuals and the purposes for which that consent has been given. The records should also be kept up to date. Further guidance on these records will be provided by the Working Party shortly.