Prayer for Israel and Palestine at this time Click here for more details
Site search

Last updated 9th March 2023

General Data Protection Regulation 2018 (GDPR)

The General Data Protection Regulation 2018 (GDPR) came into effect on 25 May 2018, impacting on all parishes in relation to the personal data they hold.

This page is updated periodically with new information, but we strongly recommend that you identify a Parish Data Officer and carrying out a data audit as soon as is practicable if you haven.

You need to read this introductory article on our news pages which was also featured in the Diocesan magazine 'The See' sent to most parishes in the Diocese.

A copy of our Clergy Data Consent form and Laity Data Consent form are available.

More information (including full Q and As; checklists and audit forms) can be found on Church of England Parish Resources website.

GDPR Awareness for PCCs and Parishes - more advice for parishes.

A comprehensive suite of GDPR e-learning courses is now available for anyone within the Church of England structure (dioceses, cathedrals, parishes and other CofE organisations).

The courses, delivered by specialist training provider Me Learning, cost £10 + VAT (£12) per course.

The Church of England’s Parish Buying team has negotiated a substantial discount with Me Learning for a period of three years from May 2018. (This type of course usually starts at around £25 and can cost up to £395).


Training is considered by the Information Commissioners Office (ICO) to be one of the measures organisations should take towards compliance with the new data protection regulation.

This training has been made available to help ensure that your parish is taking the steps to comply with GDPR. It is recommended that in parishes at least one person, other than the incumbent, takes one of the courses.

The courses:

  • Core (level 1): This level that will be appropriate for the vast majority of staff, clergy and those holding church offices. This course includes three modules that will take around 30 minutes each to complete.
  • Marketer (level 2): This involves detailed and extended modules for those who are involved directly in fundraising, stewardship, planned giving, pastoral or evangelism activities. This course includes six modules and will take about 3 hours to complete.
  • Foundation (level 3): This level is for those people who have significant responsibility for data protection within a department or organisation, who are not acting as Data Protection Officers. This course includes seven modules and will take 3 hours and 30 mins to complete.
  • Practitioner (level 4): For those who work closely with GDPR, such as Data Protection Officers. This course includes 10 modules and will take 5 hours to complete.
  • Board (level 5): For chief officers, trustees, and senior people who need to understand their accountability responsibilities, but do not need detailed understanding of GDPR. This course includes three modules and will take 1 hour and 30 minutes to complete.

For more information, including how to access the training, please read this guidance


You might also be interested in...


Latest News