The Processor Record for Methodist Managing Trustees was launched via TMCP’s News Hub on 9 July 2019. Our data protection training sessions for data champions suggest that many of you may not be aware of this essential record. As the nights start to grow longer and the rain lashes down outside… take the challenge and complete the Processor Record for Methodist Managing Trustees for your managing trustee body without delay.
What do we have to do?
To keep the processing record required by GDPR – take ten minutes:
|1. Click on the link below and open the Processor Record for Methodist Managing Trustees produced by TMCP in Word (one minute).|
This is based on the template produced by the Information Commissioner’s Office (ICO) and already includes much of the information that Managing Trustees are required to record.
|2. Save the record in a safe place (two minutes).|
Although you can print out the record, much of the record relies on links to other documents such as the Security Policy and the Managing Trustees’ Privacy Notice. The record would therefore be of most use if it is saved electronically e.g. in a folder accessible by those who deal with data protection locally, perhaps a folder containing all of the local data protection records and data mapping.
|3. Complete details of your managing trustee body and the person responsible for data protection locally in Table I (four minutes).|
Simply complete highlighted boxes 1. to 9. with the contact details indicated. If there is no contact email address for the Local Church or telephone number put “none” or “N/A”. If there is nobody looking after data protection for you locally just put “none” or “N/A”.
Look at the Worked Example if you are unsure what to put.
|4. Complete boxes 10. to 12. in Table II to indicate where the breach, consent and data mapping results are held locally (three minutes).|
Imagine that a new person is tasked with looking after data protection for the local managing trustee body, where would they find the local records? Does the managing trustee body keep printouts in a locked filing cabinet in the vestry? Are the records saved in a particular named folder on the local church or circuit computer system with all the other data protection records? Are they held in a particular named folder on a personal device belonging to the steward tasked with data protection?
|5. Complete box 13. to indicate whether your local managing trustee body transfers personal information outside the EU or to an international organisation. IF and ONLY IF it does, complete the Annex at the end of the form with details of which country the information is sent to and what protections are put in place to keep that information safe (extra time required).|
You will only need to complete the Annex IF your local managing trustee body transfers personal information outside of the EU. This could occur if your Local Church is part of an exchange programme and sends contact details for those involved overseas for example.
Is that all we have to do?
Yes - Details of the controllers and links to the relevant overarching policies and Managing Trustees’ Privacy Notice have been provided for you. All Managing Trustees need to do is complete the information specifically relating to their managing body.
However, if you have not yet completed your data mapping or do not have a consent or breach record then you need to take urgent action to put these in place. Speak to your circuit or district data champion if you have one, use the resources and associated guidance on the Data Protection page of TMCP’s website and/or contact TMCP Data Protection.
Why do we have to keep the Processor Record for Methodist Managing Trustees?
Each managing trustee body needs to be able to demonstrate compliance with the requirements under the General Data Protection Regulation (GDPR) (the “accountability” principle in Article 5(2) ). The Processor Record for Methodist Managing Trustees is designed to enable managing trustee bodies to do just that.
In practical terms, the Processor Record for Methodist Managing Trustees provides the local managing trustee body with, or at least links to, the key information they need on data protection i.e. how they keep the information they hold about their members and the wider church community safe. The Processor Record for Methodist Managing Trustees confirms which controller to contact in the event of a breach or request by an individual to exercise their rights, where to find out how long to retain personal information and where the different local records are kept.
What resources are in the data protection toolkit to help us with the Processor Record?
As requested at the training session in Leeds, as well as the form itself which has largely been completed to help Managing Trustees show compliance with GDPR, we have also produced a worked example showing how to complete the form.
Further guidance on how to complete the form and the need to review the record periodically is included on the Processor Record page of TMCP’s website.
If Managing Trustees have any queries then please contact TMCP (firstname.lastname@example.org) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (email@example.com).