The 2025 Annual Data Protection Checklist

2024 was an exciting but busy year across the Connexion, not least because of the various District mergers that have taken place.  As a consequence, the Connexion initially lost six District Data Champions whilst the preparation work for the new Districts took place.  This inevitably meant that the number of completed Checklists for the end of the 2024 Connexional year was down – but only marginally.  We would like to thank all Managing Trustees (and their District Data Champions), who completed the Checklist, for their continued support and engagement with this important ‘People’ Protection exercise.

Over the course of 2024, there have been four new District Data Champions appointed, covering both existing roles and new roles created by District mergers.  All four have now received their induction training.  The District Data Champions will soon be circulating, via the Circuits, links to the 2025 Data Protection Annual Checklist which, as usual, will need to be submitted to the Districts by the 31^st May 2025.

It is now five years since the Annual Checklist was introduced and it should now be part of all Managing Trustees’ annual reviews, in the same way as the Connexional Annual Returns.  Managing Trustees who have completed the Checklists have reported that the subsequent renewals are straightforward and without challenge.   

As you know the Managing Trustees, as the people on the ground responsible for GDPR, and TMCP as Data Controller, cannot relinquish responsibility for ensuring compliance with the regulations. However if we continue to work together we can try and ensure these responsibilities are met.

The Checklist comes with a comprehensive Guidance Note which provides Managing Trustees with a step by step walk through of what is required to complete the Checklist.  In addition to the Guidance Note, there are also the following resources to assist Managing Trustees:

• TMCP Training video on “How to Complete the Annual Data Protection Checklist ”
• Sutton Park Methodist Circuit – Data Protection Annual Checklist Training Videos 
• Sheffield Methodist District Guidance – ‘GDPR Annual Checklist – Guidance’

 

As a reminder and in a nutshell, Managing Trustees will need to undertake the following (when we refer to the ‘you’ we are referring to Local Church, Circuit and District bodies):

1. Record what personal information you hold and who has access to it.  Use the ‘Non-Exhaustive List of Examples’ to help you;
2. Destroy or archive any personal information you no longer need;
3. Are you displaying the latest Managing Trustees Privacy Notice – last updated on the 4^th April 2024
4. Have you checked the information you are holding is correct?
5. Do you have all the consents required and are they up to date?
6. Is the Managing Trustee body’s Processor Record up to date?
7. Is the personal information held securely?

 

Please remember that if you are a single Local Church worshipping across multiple sites, then only ONE Checklist needs to be completed on behalf of the Church Council.  If you become aware that you are being asked to complete more than one Checklist then please refer to your District Data Champion AND TMCP as soon as possible.

 

Accompanying the Checklist links will be a full set of instructions of how you should complete the Checklist, either as the online version or the manual Word version.  Your District Data Champion and TMCP are however on hand to assist you wherever needed.

 

GOING FORWARD - IMPORTANT NOTICE:

TMCP has worked with the local Managing Trustee bodies for a good few years now to ensure compliance with the legislation. While many of you work hard to comply there are some who still haven’t submitted annual checklists, either in full or in part. TMCP must, as Data Controller ensure full compliance with the regulations across the Connexion and therefore, while recognising the numerous Managing Trustee bodies who have completed the previous years’ Annual Checklists, the TMCP Board of Trustees have taken the difficult decision to exclude any managing trustee body from the remit of TMCP’s Controllership who fail to complete the 2025 Annual Checklist. Hopefully if we work together this will not be required.

 

TMCP will be liaising with the Districts and their District Data Champions in June 2025 to ascertain which Local Churches / Circuits have not engaged with this once a year exercise.  We will then contact those Managing Trustees directly to discuss why the Checklist has not been completed and provide additional support, if accepted, to complete the exercise.

 

Compliance with Data Protection legislation is not an option for Managing Trustees; it is a legal obligation.  The failure of Managing Trustees to complete the Annual Checklist will result in them having to register independently with the Information Commissioners Office and be fully responsible for demonstrating to them their data protection compliance.  This will also include the self-management of data breaches and responses to possible Data Subject Access Requests which will not be easy for those responsible.

 

If you are struggling to complete the Annual Checklist then please do contact your District Data Champion as soon as possible to seek urgent assistance.  If you are unsure who your District Data Champion is then please ask your District Chair or contact us and we will provide their details. You can also contact TMCP at any time with your data protection queries at dataprotection@tmcp.org.uk.We will work with you at every opportunity to achieve compliance.

Sign up to receive the News Hub alerts to keep a pace with what is available.  Alternatively, please do not hesitate to contact TMCP if you have any general data protection queries and the Conference Office for enquiries relating to safeguarding and complaints and discipline issues.