What has changed?
Further to feedback from Managing Trustees on the template documents, following the introduction of the General Data Protection Regulations (‘GDPR’), TMCP has separated the previous consent form into two documents: a Consent Form and a Data Collection Form. Managing Trustees informed us that having one single form was confusing, particularly when consent is not being relied upon as a Lawful Basis for processing personal data. Managing Trustees also found it difficult to record consent when different permissions were being granted for different church activities. To help Managing Trustees, we have therefore converted the previous consent form into two separate forms:
The Consent Form enables Managing Trustees to seek permission from individuals to contact them in relation to certain church activities. The Data Collection Form is about obtaining the personal contact details of individuals. More information about each form is provided below.
The Consent Form should now only be used where Managing Trustees are relying on consent as their Lawful Basis for processing personal data (please check the Annex to the Privacy Notice for Managing Trustees and refer to the Lawful Basis Guidance note for more information). Consent should last for no more than 2 years and therefore now is the time that Managing Trustees should be thinking about renewing the consents that individuals have provided. The following details and purposes have now been included on the Consent Form:
- Contact details for publicly available Directories;
- Specific fundraising events;
- Contact details for publicly available newsletters;
- Inclusion on social media platforms;
- Inclusion of photographic images for public display, newsletters and social media platforms;
- Receiving of birthday cards;
- Receiving birthday cards for baptized children; and
- Invitations to memorial services.
The Consent Form uses a ‘key code register’ system to allow individuals to provide details of their various consent preferences. Each type of personal data collected is given a letter on the form: N (name), A (address), E (email address), P (phone number) and M (mobile number). Each purpose is given a number.
For example, an individual may consent to their full contact details being published in a publicly available Church Directory but may wish only to have their email address published in a publicly available Newsletter.
In this example the consent codes would be recorded as follows:
Record: 1 / N/A/E/P/M/E (see below for explanation)
1 (Church Directory)
- N (name)
- A (address)
- E (email address)
- P (phone number)
- M (mobile number)
Record: 3 / E (see below for explanation)
- E (email address)
The Consent Record has also been updated and now has an extra column so that the consents provided by individuals can be clearly recorded using the codes discussed above. There is also a worked example to demonstrate how it should be used.
Data Collection Form
The Data Collection Form is a completely new form allowing individuals to provide their correct contact information and confirm how they prefer to be contacted.
The Data Collection Form should always be used where Managing Trustees are collecting the contact details for new members, adherents etc. of the Local Church, Circuit or District. It should also be used for individuals to provide their contact preferences for inclusion in Directories that are NOT made publicly available. Please also refer to FAQ 2.3 for guidance on when consent is required for Directories.
The Data Collection Form should also be used where regular contact with an individual may be short term such as for a single hiring of the church hall. The form should be kept for a period of six months in case any claim is made against the church in respect of the use of the hall. It should NOT be used for any other purpose unless you have the consent of the individual involved to contact them for different purposes.
What action do Managing Trustees need to take?
1. As consent should last no longer than two years, now is an ideal opportunity for Managing Trustees to look at renewing the consents they obtained following GDPR coming into force on the 25th May 2018.
2. Before asking individuals to renew their consent, check the Annex to the Privacy Notice for Managing Trustees and refer to the Lawful Bases Guidance to ensure that consent is required. If it is, then circulate the updated Consent Form to those members, adherents etc. of the Local Church / Circuit or District whose consent you require.
3. Principle 4 of GDPR requires Managing Trustees to ensure that the information they are holding about individuals is relevant, accurate and up to date. Use the Data Collection Form to reaffirm that the contact details Managing Trustees are holding about individuals are correct.
4. Finally, update your Consent Record/put in place the updated Consent Record and use the key codes referred to above.
If Managing Trustees have any queries then please contact TMCP (firstname.lastname@example.org) for further assistance regarding general data protection matters and the Conference Office for queries specifically relating to safeguarding or complaints and discipline matters (email@example.com).