The General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018 (‘DPA 2018’) provide individuals with certain rights when it comes to their personal data and how it is processed by the Methodist Church.  One of those rights is the right of access, more commonly known as a “Data Subject Access Request” (‘DSAR’).

TMCP has produced the Managing Trustees’ Data Subject Access Request Policy  which provides Managing Trustees with a step by step process to follow when a DSAR is received directly from an individual in order to comply with the GDPR and DPA 2018.

Please note that the Managing Trustees Data Subject Access Request (DSAR) Policy is located in the 'Trustee Documents' area of our website which is password protected. If you are a Managing Trustee or are acting on behalf of Managing Trustees and need access to this information, please email us to request the password.

The Managing Trustees’ Data Subject Access Request Policy  takes into account the Information Commissioner’s revised advice regarding the statutory time period for dealing with DSARs.  Managing Trustees should note that the statutory time period now runs from the day the DSAR is received and the individual must receive a formal response within one calendar month of the receipt date of the DSAR.

TMCP has also amended the Data Subject Request Form to reflect the updated guidance provided by the ICO relating to the statutory time period of one calendar month.

For the full toolkit of data protection guidance, policies, template notices, registers and forms please refer to the Data Protection page on TMCP’s website.

If you have any queries in relation to the guidance in this document please contact TMCP Data Protection for further assistance.