GPDR needs you 2.png

We need help to fulfil our legal responsibilities set by the General Data Protection Regulations. Because many people in the church take on different responsibilities we need a formal record record of who looks after what.

Possible Gotchas

Consider this situation: Someone asks one of our pastors “Please tell me what information Pitlochry Baptist Church” has about me?. Under the GRPR “Right of access” we have to fulfil the request “without undue delay and in any event within one month “.

Or consider this scenario: The GDPR governing body forwards a complaint that has been made about how we used a particular individual’s personal data. In this case we have 3 days (not 3 working days) to respond.

What we need

For both of these, and to meet other requirements, we need a record of who holds personal data, where it is held and under what security. This is where you come in. If you think you have any personal data on behalf of PBC or a PBC organised group (e.g. home group, Welcome All, etc.) please let me know. To make it easier (?!) I have put a link to a survey in the Church Family Resources area of the church web site: Click on the cartoon character at the bottom. Anyone can do the survey or alternatively you can email me at

What is Personal Data?

But what, you may ask, is personal data? Personal data is “information that relates to an identified or identifiable individual”. This can be a picture, a name, or even an email address. It can be held anywhere, pinned to a notice board, in a notebook, on a computer, somewhere on the cloud; there are lots of possibilities. All these are fine provided the person identified is happy for the information to be there.

We need to be sure people understand how the information they provide about themselves is going to be used and make sure we do not use it for anything else. If you regularly handle/update personal data let me know. We have a file you can use to record the permissions you received (verbal or written).

Why is this important?

Well, the laws on data protection apply to organisations, and, although God’s church is not an organisation, Pitlochry Baptist Church is. As such we have to be in position to fulfil the provisions that the law requires.

So please have a think and, if appropriate, fill in the form (on or contact me. I am more than happy to answer questions.

Peter Boughton