In the run up to the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018, TMCP in conjunction with the Connexional Team Guidance (the Working Party) is producing a tool kit of guidance, template documents, training, policies and procedures that all Local Churches, Circuits and Districts will need for compliance with GDPR.
The following new guidance aimed specifically at Methodist Managing Trustees is now available from TMCP’s website:
- 9 Steps for Methodist Managing Trustees to Take Now to Comply with GDPR (9 Steps) - A new guidance note setting out practical steps for Managing Trustees to take now to get ready for the introduction of the GDPR when it comes into force on 25th May 2018;
- Data Mapping Form for Managing Trustees – A data mapping form for Managing Trustees to use to help them to complete Step 2 of the 9 Steps and ascertain what data they hold.
- Data Mapping Examples - A list of example responses compiled using the data mapping exercise results to help Managing Trustees carry out their own data mapping exercise.
- GDPR Changes at a Glance – a chart summarising the main changes brought by GDPR that will impact on Managing Trustees.
- Who are the Data Controllers and Where to get Help? – a focus note in the form of questions and answers explaining the role of a Data Controller, who the Controllers are in the context of the Methodist Church and who Managing Trustees can contact to get help.
- GDPR Myths – an article responding to the myths surrounding data protection to reassure Managing Trustees and emphasise the help and support being made available to Local Churches, Circuits and Districts.
The 9 Steps set out what steps need to be taken to ensure compliance with the new requirements under GDPR and outline the guidance, policies and templates that will follow over the next few months to help Managing Trustees prepare for the introduction of GDPR on 25th May 2018 and beyond.
Following the data mapping exercise carried out by the Working Party, we are also developing a breakdown of results, Data Responsibilities in a Nutshell to help Managing Trustees establish what they need to do with different types of data including retention periods, security measures as well as understanding the most appropriate lawful bases to rely on when drafting the required privacy policies.
Once the main guidance has been produced the Working Party will be rolling out policies and procedures to be implemented across Local Churches, Circuits and Districts along with training.
Districts will also be playing a key role in helping to get everything GDPR ready providing regional support and assistance to Managing Trustees. The Working Party is liaising with the Districts to help them to obtain the training they need to champion best practice in data protection and help Managing Trustees to comply with the new requirements.
How to find out about new guidance and updates
The working party will also be regularly updating the Church on developments so please see the TMCP and Methodist Church website:
- https://www.tmcp.org.uk/ - the data protection guidance is available from the Data Protection page which can be found in the “About” section of TMCP’s website. A link to this page is now accessible from the Home page as well as the foot of every webpage. You can also search “TMCP data” or similar terms using a search engine such as “Google”.
TMCP will notify Managing Trustees when any new guidance is available through the News Hub section of the TMCP website; https://www.tmcp.org.uk/news-hub. Managing Trustees can sign-up to receive notifications from TMCP’s website to ensure that they receive notice of new and updated guidance on data protection. To do this Managing Trustees should look out for the “Stay updated” banner appearing at the foot of each webpage, insert their contact email address and confirm they would like to receive notifications when they receive a welcome email from TMCP.
Where else can I find guidance?
Organisations including the ICO and EU are publishing comprehensive but clear guidance in plain language which provides Managing Trustees with a good, balanced overview and should be read alongside the practical guidance focusing on the Methodist Church produced by the Data Protection Working Party:
- ICO website: Guide to the General Data Protection Regulation (GDPR)
- ICO: GDPR FAQs for Charities
- European Commission’s moving graphics - Summarising some of the key points about the GDPR.
If Managing Trustees have any queries then please contact TMCP (firstname.lastname@example.org) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (email@example.com).