Article 30(2) of the General Data Protection Regulation (GDPR) includes a requirement for processors (those within the Church who handle personal information), to keep records about the personal information that is processed (dealt with). To help Managing Trustees keep the required records, TMCP has produced a Template Processor Record for Managing Trustees to be used as part of the general data protection toolkit of policies, guidance and templates. The record is based on the template produced by the Information Commissioner’s Office (ICO) but has been adapted for use within the Methodist Church and completed as far as possible by TMCP to help Managing Trustees.
Use the Template Processor Record for Managing Trustees to provide a central record of the different data protection documents and records used by Managing Trustees to show that you are complying with the requirements of data protection legislation. This is part of the so called “accountability” principle in Article 5(2) of GDPR.
How to use the Template Processor Record for Managing Trustees (record)
The record is a template; although TMCP has ensured that it already includes much of the information that Managing Trustees are required to record, you will need to add some information relating to your specific managing trustee body. Details of the controllers and links to the relevant overarching policies and Managing Trustees’ Privacy Notice have been provided. All Managing Trustees need to do is complete the information specifically relating to their managing body. The sections that need completing are shown by the white numbered boxes.
Note that the information required in boxes 1 to 12 of the record is limited to contact information and details about where other data protection records are kept locally.
Column 1 (in the part of the record titled “Categories of Processing”) only needs to be completed if personal information is transferred to countries out of the EU or to international organisations e.g. if details of members were sent overseas as part of a volunteer programme. In this case details also need to be given in Column 1 about what additional security measures are put in place.
Column 2 (in the part of the record titled “Categories of Processing”) must be completed with details of any particular security measures for managing different types of processing listed (A to J on the record) over and above those in the Security Policy. If there are no such additional measures then leave blank.
Reviewing the record
Diarise an annual review date to check that the record is up to date. The easiest way to do this would be to; (1) check whether there have been any updates to the Managing Trustees’ Privacy Notice since you last downloaded the form and (2) check whether any of the details you have entered have changed such as the local contact or the storage location of the various records referred to.
Please select whether you wish to download the template record as a Word or pdf file. If you download in Word you will be able to type in the information required to help you to keep your record.
If Managing Trustees have any queries then please contact TMCP (firstname.lastname@example.org) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (email@example.com).