I’ve been working on helping the Methodist Church in Ireland get ready for the General Data Protection Regulation. Here’s an article I wrote originally for the Methodist Newsletter…
If you subscribe to the Methodist Newsletter, there is probably a list somewhere – perhaps a scribbled note, maybe on a digital spreadsheet – with your name and a ‘tick’ to show that you’ve paid for the year (or haven’t!). It’s a simple administrative task of keeping a record of payments. However, if that list also includes your address or telephone number ‘just in case you need to be contacted’, the Newsletter agent has become a ‘processor of personal data’ and their list is now governed by data protection legislation.
Any time you give your personal details to a church, charity, retailer, business or government body, you are contributing a gift of knowledge that they can lodge in their systems and invest on your behalf. Those bodies have data protection principles to follow, and you have significant rights that will be strengthened with the implementation of the EU General Data Protection Regulation on 25 May 2018 in both the United Kingdom and the Republic of Ireland.
The data protection principles mean that your information must be used with integrity, used appropriately and sparingly. Organisations and businesses must ensure that the data they hold about you is accurate, not kept forever, and stored securely. You have the right to access and correct that information, to opt out of its use in particular ways (goodbye pre-filled tick boxes!), and to stop its use completely or even ask to ‘be forgotten’. These principles and rights are powerful tools that you can use to make sure you’re being contacted by or receiving mailings from only the organisations that you choose. So invest your gift of knowledge wisely (look for a data protection policy online, or privacy notices on forms you fill in) and be aware of your rights.
If you happen to be a Newsletter agent, the cradle roll or youth group secretary, a treasurer, minister or prayer chain coordinator – anyone who uses other people’s information to provide them with a service or to make your organisation work (nomatter how kind) – you’re going to need to understand how the new law changes things. In particular, you will want to be covered by a data protection policy that you understand and can implement on a day-to-day basis. Fines and reputational damage await those who aren’t prepared! But help is at hand – resources are available on the Methodist website (shortlink: http://bit.ly/DPresources).
Keep calm, and think privacy!