Data Protection for Churches

25 May 2018

D-day for data protection changes

On 25 May 2018 the EU’s General Data Protection Regulation comes fully into force. There are actions which even small charities must take before 25 May 2018.

The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.

Notes on what this means for small charities, particularly independent churches, and a privacy notice prepared for a particular church and provided (with consent) as an example to assist others.

In addition, three documents on the website of the Information Commissioner’s Office (ICO) are clearly written and can give you a better idea of what’s required and what organisations need to do:

General Data Protection Regulation (GDPR) FAQs for charities

Guide to the General Data Protection Regulations (GDPR)

The ICO has a dedicated advice line for small organisation – 0303 123 1113 (charges at local rates).  There is a separate number for those who want to call in Welsh.


The following guidance for churches may also be helpful:

FIEC (Fellowship of Independent Evangelical Churches) has produced a booklet on GDPR.  This is available to download from their website at:


The Baptist Union of Great Britain has produced a guideline leaflet, available from their website at:


Partnership is not responsible for the content of external websites.

Close Menu