Personal Data Protection Policy

Swallownest Baptist Church is committed to handling personal data according the letter and the spirit of the law.

Principles:

  1. All physical data will be stored under lock and key and all digital data will be password protected.
  2. We will have two named data protection officers.
  3. We will make sure people know what we’re keeping and how we’re using it and can request for it to be destroyed.
  4. Financial data will be kept safe for no more than 7 years following any transaction.
  5. Responsible people will be trained in data protection.
  6. Data will be kept accurate and regularly reviewed.
  7. Breaches will be dealt with openly and thoroughly investigated.
  8. No sensitive, genetic or biometric data will be kept by the church.
  9. No-one should be surprised by what we’re keeping and how we’re using it.
  10. This policy will be reviewed every three years or after a breach.

Processes:

How to collect data:

  1. Make sure the person you are taking data from knows what you are taking and agrees to how you are going to use it in writing.
  2. Keep the data safe and secure, either locked away or password protected at all times.
  3. Don’t use it for anything you haven’t already asked about.
  4. Destroy it as soon as you no longer need it, unless it’s a records of a financial transaction which must be kept for 7 years.

Keeping your data accurate:

  1. Check back with people that your data is accurate on a regular basis – every three years.

What to do in case of a breach:

  1. Tell the person involved what has happened.
  2. Inform relevant authorities if required.
  3. Find out how and why the breach happened.
  4. Reassess the systems to make sure it doesn’t happen again.
  5. Review and amend the policy to reflect this.

Our data protection officers are Ben Stacey & Olivia Egan.