St Mary's Church

Building a Mission Community

GDPR - General Data Protection regulation

Headline Message

St Mary's Church, like all organisations throughout Europe, must comply with the GDPR legislation. (GDPR has been written into UK Law and so Brexit will not affect GDPR-compliance.)

We have written documents to ensure that St Mary's is compliant with the new legislation and those documents are a Privacy Notice and a Consent Form. The Privacy Notice explains how your data will be used and the Consent Form that you can print out or complete electronically is made available for you in order for you to make it explicitly clear how you would like us to contact you in a way that has your consent.
There is also the Electoral Roll Privacy Notice, which you can download
You can read in more detail about GDPR by visiting the Information Commissioner's Office (ICO) website.

What is GDPR?

The GDPR legislation is a considerable document with 99 Articles and 173 Recitals that outline the new, comprehensive standards of data protection. GDPR was written into law in 2016; however, European organisations were given a 2-year grace period in order to comply with the document. That grace period ends on 25th May 2018.
This regulation can be summarised into seven equally-weighted principles:

1. Lawful, fair, and transparent processing: Explicit consent by the consumer is critical before any personal data can be captured, processed, or stored. It also allows for the ‘right to be forgotten’, where a consumer can request their personal data be deleted. Individuals also have the right to access all their personal data a company may hold.

2. Purpose limitation: Organisations must have a legitimate and lawful purpose for processing personal data.

3. Data minimisation: Organisations should capture the minimum amount of data needed for the specified purpose.

4. Accurate and up-to-date processing: Organisations must employ data controllers to ensure information remains valid, accurate, and for the specified purpose.

5. Limitation of storage in the form that permits identification: Discourages organisations from keeping personal data for longer than is necessary.

6. Confidential and secure: Organisations must protect the privacy and integrity of the data by ensuring its security.

7. Accountability and liability: Organisations must demonstrate compliance to the regulation.


Individuals have considerable rights under the GDPR Regulations and organisations holding personal data must comply with an individual's requests unless there is a lawful basis for maintaining that information. The picture below shows an individual's rights. We have sought to make it clear how you can grant and revoke personal information in the Privacy Notice.

GDPR - Individual Rights