Implementing GDPR in our Parish
This Friday, 25 May marks the implementation of the General Data Protection Regulation (GDPR) in European public life. This introduces a regime of privacy rights that affects digital discourse and communications. This regime undoubtedly covers our functions as a parish church.
Our life and role as a parish church of the Church of England, inevitably means that we exist as an expression of the body of Christ more for the benefit of those beyond our congregation.
So the question is ‘what impact has this new regime’ on our obligation to be a missional entity?
The reality is our call to mission is not completely exposed to the severity of the strictures of the new regime.
This article (a link is supplied and useful portions of the text are reproduced, below) helps us to appreciate that it is context, more than anything else, that should determine the limits of our OUTREACH and efforts to proclaim the gospel to all.
The author argues, persuasively, that we must not afford the “tension between compliance risk and the real risk to the Church’s mission (to) descend into an idolatrous pursuit of risk-minimisation and privacy rights above all else.”
Rather, we must embrace the “real flexibility and opportunity to respect people’s rights” at the core of this new regime.
It is important, therefore, not to imagine that this new regime even begins to blunt our call to be “A community of Faith, Hope and Love.”
As we go forward, let us not be daunted in our readiness and commitment to share with all who live, work or visit our parish our spaces, resources and our hearts as offerings of engagement and exchange for all.
The Lord be with you,
GDPR: Let us not allow privacy to become an idol
Churches must comply with new EU data regulations — but not at the expense of its mission, says Adrian Beney
… Practically speaking, over-compliance risks needlessly restricting the Church’s interaction with the communities that it serves. More important, we need to think theologically.
We need to consider whether the “right to the protection of personal data,” on which GDPR is based, sets up an inherent conflict with the nature of a God whose essence is relational. If the Church is a mirror for revelation of God’s relationship with humanity, and Christ’s crucifixion is the ultimate example of openness to the world, how do we reconcile this with a right to retreat inwards behind privacy law?
At its best, this legislation allows us to construct a framework for treating others with respect.
Of course, there need to be reasonable controls on the use of data… (but) we must not ignore the risk of elevating privacy to the level of an idol as we implement GDPR in the Church.
… The way to pragmatic compliance is to understand the law, to understand the specific context in which it is being applied, and to take, as the ICO says, “a risk-based approach to the likelihood and the severity of any adverse impact” on the people whose data is being processed. In contrast, the approach of some of the Church’s advice appears to be to minimise the privacy risk while permitting significant risk to the very mission of the organisation. Once again, privacy is elevated above all else.
Examples include burdensome processes for doing rotas and for contacting baptism and funeral families. It has been suggested that the cumbersome process of getting consent is necessary before communicating with people on the Electoral Roll; that holding data on the names of villagers so they can be invited to church events would be unlawful; and that the ICO might challenge a school that inserted church flyers into children’s school bags…
SERIOUS theological work needs to be done on the tension between privacy law and a God of relationships. Meanwhile, in parishes, we need to question advice that hinders the mission of the Church, and ask “Is there a less burdensome way of achieving compliance?”
Adrian Beney is the lead partner for regulatory affairs at the fund-raising consultants More Partnership, and a Lay Canon of Tamale Cathedral, Ghana. He is married to a vicar.