Following the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018, there are new and updated resources available to download from the data protection page.
What documents have changed since 25th May 2018?
The following data protection resources available from TMCP’s website have recently been updated to take on board the new internal and external guidance and policies that are now available and the fact that GDPR and the Data Protection Act 2018 are now in force:
- Updated Data Protection Page – changed to reflect the fact that GDPR is now in force, provide details of upcoming training events and update the list of resources highlighting the contents of the data protection toolkit (Toolkit).
- Updated Template Consent Form – formatting changes to remove need to enter preferred contact details twice, typographical amendments and reference to the Privacy Notice. Note that when asking people to complete a consent form you need to provide them with a link to or copy of the Privacy Notice. Alternatively tell them where they can find the Privacy Notice if this is more appropriate.
- Updated 9 Steps for Methodist Managing Trustees to Take Now to Prepare for GDPR - reformulated as the 9 Steps for Methodist Managing Trustees to Take Now to Comply with GDPR. This guidance note will help Managing Trustees to take (and keep taking) all necessary steps to stay on track and keep personal information safe. All the steps have been updated to account for the resources produced by the Working party to help Managing Trustees comply with the new data protection legislation. Links to the policies, documents, template records and forms and guidelines have been inserted and guidance updated to reflect the direction taken by the Working Party following updates from the ICO and input from Local Churches, Circuits and Districts.
- Please note the updated Step 3 in particular which helps explain how to use the Privacy Notice and confirms that one external facing, ready to use “notice” telling individuals how Local Churches, Circuits and Districts use their personal information has been produced for Managing Trustees, rather than a template with a separate internal facing policy. If you handle personal information as part of your role in the Church you can read the Privacy Notice as a “policy” in conjunction with the Data Protection Policy and will need to ensure that your Local Church, Circuit or District is handling personal information as stated in the Privacy Notice. In terms of presenting the Privacy Notice to individuals (data subjects), look at the New Privacy Notice for Managing Trustees article and watch out for the template wording that will be released shortly and can be used in emails and other correspondence to draw people’s attention to the Privacy Notice.
- Updated Privacy Notice – page numbers added to PDF version.
What documents are new since 25th May 2018?
The following new data protection resources are now available from TMCP’s website:
- New Trustee Documents - As the data protection policies are internal policy documents created specifically for Managing Trustees, a new resource type has been created to ensure that these parts of the Toolkit are only be available to Managing Trustees. From here access the Data Protection Policy (the overarching “policy” or “rulebook”), the Data Security Policy (with practical guidelines on security measures to be put in place) and the Breach Policy (Interim). Details of the password needed to access these resources have been circulated at District and Circuit level but if the password has not made its way to you please contact TMCP Data Protection.
- New Breach Record for Managing Trustees – Table to record all instances of breach however large or small i.e. whether or not the individual concerned or the ICO need to be notified.
- New Consent Record for Managing Trustees – Table to record how and when consent was given and what was said if, and only if, Local Churches, Circuits or Districts need to rely on consent.
If you have any questions please contact firstname.lastname@example.org on general data protection issues or email@example.com for queries specifically relating to safeguarding or complaints and discipline matters. We are reviewing the enquiries received and will continue to add to the existing frequently asked questions so that everybody can benefit from the practical points that you have raised with us.