GDPR Simplified

GDPR is a new legislation that comes into force on the 25th of May 2018, and it will affect all organisations that store personal information about individuals, this legislation includes churches.


The General Data Protection Regulation (GDPR) will give people more rights into how their personal information can be gathered, stored and used. Every church will need to comply to the regulations being set out by this new legislation by the 25th of May, not doing so can incur strict penalties.

Many churches already comply with what is being brought in by GDPR, however, time should be invested into making sure that your church is fully compliant, so as to avoid any possible penalties.

If the GDPR legislation is new to you, here is an outline of the basic information that you need to know:  


  • Anyone who has their data stored by your church can request to see a copy. This would include everything that is stored about that person, whether it be on spreadsheets, databases, documents, USB sticks or printed paper. A copy must be given within 30 days of the request being made. (There is an exeption if the commuication mentions another subjest) Should a person make this request electronically, such as by email, then information must also be supplied electronically. For churches using paper based systems, you will need to transfer all of this information to an electronic form. Find out more about the Right to Access by clicking on this link.


  • An individual may request for all their information to be erased, should a request be made, the church must comply by removing all their data, if the data has been shared with a third party, they too must be informed. There are exceptions to this right, such as for child protection purposes, for Gift Aid claims, or should the church have another legal basis for holding the data. You will also need to make any consequences of erasure clear to the individual, e.g. that you will not be able to schedule them on a church rota if you cannot hold the necessary data. Click here to find more information on the Right to Erasure.




A lot of GDPR is common sense, treating an individual's data the way that you would want your own data to be treated, however it is important that churches understand what is required of them under GDPR so as to ensure full compliance. You can work through this GDPR Checklist to help meet compliance, however, we recommend that you seek legal counsel to ensure that your church is completely compliant with GDPR.


GDPR Tools to help your church!

iKnow Church have been preparing for GDPR for a while now, and we have created a dedicated website to help churches become ‘GDPR Ready’, which you can visit here: You can also find further information from the ICO website.

To support churches with GDPR we have recently released our GDPR Tool within iKnow Church - admin management system, for more information on iKnow Church please feel free to contact our team on 0121 651 1125 or email us on 

iKnow Church - Church Admin Made Simple!


Powered by Church Edit