GDPR Advice for Churches

The ‘Right to Erasure’ (or ‘Right to be Forgotten’ as it is commonly known) means that a data subject can request for all of their information to be erased from your church systems.  This will be on any databases, spreadsheets or paper files for which your church is responsible.

The person may have previously given their consent for data to be held, but has subsequently withdrawn it and is requesting that their data be erased. The ideal result should be that a search for this person on any of your files returns no results at all.

There are exceptions if the information is required for archive or historical purposes such as:

  • Needing to hold donation details such as amount and address for historical donations or Gift Aid claims

  • There is another data subject whose data will be affected by the deletion

  • The data may be necessary for Child Protection purposes

If this data has been shared with any other parties then these third parties also need to be informed that the data must be erased, subject to any legal exemption.

It will likely be quite rare that you get these requests. However if you do then you must act on this request within a reasonable time. There will also be your data retention policy to consider which should be specified within your terms.  For example, you may have backups of your data, and it is not possible to go through each backup and remove all references to a data subject. However your data retention policy should clearly state the period for which data must be stored.

 




Privacy Policy | Website terms and conditions