Personal Data Protection Policy
Swallownest Baptist Church is committed to handling personal data according to the letter and the spirit of the law.
Principles:
- All physical data will be stored under lock and key and all digital data will be password protected.
- We will have two named data protection officers.
- We will make sure people know what we’re keeping and how we’re using it, and that they can request that it be destroyed.
- Financial data will be kept safe for no more than 7 years following any transaction.
- Responsible people will be trained in data protection.
- Data will be kept accurate and regularly reviewed.
- Breaches will be dealt with openly and thoroughly investigated.
- No sensitive, genetic or biometric data will be kept by the church.
- No-one should be surprised by what we’re keeping and how we’re using it.
- This policy will be reviewed every three years or after a breach.
Processes:
How to collect data:
- Make sure the person you are taking data from knows what you are taking and agrees in writing to how you are going to use it.
- Keep the data safe and secure, either locked away or password protected at all times.
- Don’t use it for anything you haven’t already asked about.
- Destroy it as soon as you no longer need it, unless it’s a record of a financial transaction, which must be kept for 7 years.
Keeping your data accurate:
- Check back with people that your data is accurate on a regular basis – every three years.
What to do in case of a breach:
- Tell the person involved what has happened.
- Inform relevant authorities if required.
- Find out how and why the breach happened.
- Reassess the systems to make sure it doesn’t happen again.
- Review and amend the policy to reflect this.
Our data protection officers are Ben Stacey & Olivia Egan.