We are approaching the time of year when the Methodist Church is preparing for the new Connexional year and many Managing Trustees are starting to collect data for inclusion in their member’s directories; whether that is for a local church, circuit or district.

In May 2018, the Data Protection Act 1998 will be replaced with the new European General Data Protection Regulation (GDPR).  The GDPR makes several changes to existing Data Protection laws, details of which we will imminently be providing guidance upon and you will find the same on our website. One of those changes, however, is in relation to ‘Consent’.

Under the Data Protection Act 1998, Consent for inclusion of personal details in the local church, circuit and district directory may be given implicitly. This means that provided an individual knows that their personal data is being collected and why and how it is used, then written Consent is not required.

This will not be the case, however, under the GDPR as explicit Consent must be obtained.  Explicit Consent does not necessarily mean that consent must be in writing, but it cannot be obtained by implication or assumed that it is ok to use the personal data and the Consent must be freely given.

Going forward, if you obtain the personal data of an individual by way of a manual data collection form then the individual must sign and date the form.

If the personal data is obtained electronically, e.g. by email then, by the very fact that the individual has provided their details, this may be taken to mean that consent has been given freely and explicitly. Although Managing Trustees should be aware that however the data is collected they must provide the individual with the following information:

  • What personal data you require? e.g. name, address, email address etc.
  • What the personal data is required for? e.g. circuit directory
    • For what purpose is the directory used for? Is it merely a contact list? How will the individual’s contact details be used?  Who are likely recipients of such personal data?
    • Could it be used for any other purpose?
  • Who will have access to the personal data, e.g. the directory?  Is it published online?
  • How the personal data is stored, e.g. computer/laptop/USB storage drive?  To whom do the devices belong?
  • That the individual may withdraw their consent at any time in writing
  • That the individual is entitled to complain to the Information Commission should their personal data be used in an unauthorised way.

This should also be linked to a more detailed Privacy Policy or Privacy Notice, and TMCP will provide an example for Managing Trustees to refer to in due course.  Briefly, the Privacy Policy/Notice will include, but is not limited to, detailed explanation on the above bullet points, how the personal data is kept up to date, how it is destroyed when it is no longer required and details of how an individual can request details of their personal data.

TMCP are in the process of making detailed guidance on the changes to data protection law available to Managing Trustees as well as providing example policies and procedures. We will notify you when then guidance is available through these updates and by contacting your Circuit Superintendent and District Property Secretary/Chair. In the meantime if you have any queries then please contact TMCP Legal for further assistance.

Disclaimer

Please note that this document is to provide guidance and assistance to Managing Trustees and their professional advisers. This guidance note is general in nature, may not reflect all recent legal developments and may not apply to the specific facts and circumstances of any particular matter. Also note that nothing within the documents and guidance notes provided by TMCP nor any receipt or use of such information, should be construed or relied on as advertising or soliciting to provide any legal services. Nor does it create any solicitor-client relationship or provide any legal representation, advice or opinion whatsoever on behalf of TMCP or its employees. Accordingly, neither TMCP nor its employees accept any responsibility for use of this document or action taken as a result of information provided in it. Please remember that Managing Trustees need to take advice that is specific to the situation at hand. This document is not legal advice and is no substitute for such advice from Managing Trustees' own legal advisers.