So, for a church to use information which was provided by an individual in a way that the individual would expect as part of their involvement with the church, is likely to be covered under the ‘legitimate interests’ – it is for the church to satisfy itself that this is the case.” “The ‘legitimate interests’ rule can be used in situations where an organisation is using personal data in ways an individual would reasonably expect, are low-risk and won’t have a big impact on the individual. “As long as an organisation can identify a lawful basis for it, and is able to meet our principles, then the GDPR wouldn’t prevent a church from handling personal information about its parishioners in the same way as it would have done under the Data Protection Act 1998. “GDPR sets out rules to follow when handling personal information,” replied the ICO. Surely, I asked, if church leaders only apply a little common sense, they can be sure that ‘acknowledging birthdays and anniversaries’ is hardly likely to get them dragged into court…or is it? This is the UK’s independent authority set up to uphold information rights and data privacy for individuals. So I spoke to the Information Commissioner’s Office (ICO). And to be fair to them, the information available to them on various diocese websites is, frankly, not a lot of practical help. I don’t wish to sound critical, and indeed I am very sympathetic, if I say that they clearly don’t know what they’re talking about. So, indeed, would be intimate personal information about the health problems of a sick parishioner, or indeed that someone living alone would be in hospital for several weeks – ‘this house is now available for burglary’!īut look at the second sentence of that church news item, beginning 'I understand.' That actually means they don’t understand: it means the church in question doesn't know what the rules are and clearly, they don’t even know that the GDPR replaced the Data Protection Act. This is sensitive personal information which should be protected. On the one hand hand, we can all see a problem if a church's notices were to include something like "Happy birthday to Gladys Clotworthy, who is 95 today she lives alone at 25 Church Road, but is always out at church on Sunday mornings, she leaves a key under the flowerpot for her carer, and since she won the lottery, her cash and bank card are in the tea caddy. Is this all silly, or is it reasonable protection for individuals? If marking birthdays and anniversaries is now banned, then bang goes Christmas, because we can't mention it? One can hardly imagine them having to interrupt work in the operating theatre to ask ‘Will you sign this consent form, so that we can pray for you?’ This would be very inconvenient for another small town church in Norfolk, which has imaginatively created a 'virtual prayer room', which names those who are being prayed for, and why. He said: "I’ve been told we can’t pray for anyone who hasn’t given their written consent, which is just ridiculous." This local church is not alone in worrying about data protection – some months back the national press reported, quite gleefully, the case of the rector in London who said he had been told it was now illegal to pray for his parishioners, and certainly not out loud. I despaired at the bureaucracy, and sympathised with the newsletter writer in that we are now bombarded with so many regulations that we can all be forgiven for not understanding them. My reaction was partly despair, and partly sympathy. I understand this is due to restrictions on personal information imposed by the data protection act." ![]() ![]() ![]() It said this: "It is with regret that, after more than 35 years, it is no longer possible to acknowledge birthdays or anniversaries on the notice sheet. In the porch of a North Norfolk market town church this week, I read something on the notice-board which held my attention for several minutes – indeed, I made a return trip to the church later to pick up a paper copy of the week’s newsletter and notice sheet, just to make sure I had read it correctly. Not for the first time, church activity has left me puzzled. Ian Boughton has been wondering whether the General Data Protection Regulation (GDPR) that came into force last year will restrict some church activities, and believes he has some answers. Happy Birthday Gladys – just don’t say her name!
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |