GDPR for Catholic Churches
Since the introduction of the General Data Protection Regulation (GDPR) in 2018, parishes have had to adapt how they collect, store, and process personal data.
The Unique Context of the Church
The Church has a hierarchical structure that doesn't always map neatly onto standard business data models.
- The Parish is often the data controller for day-to-day operations.
- The Diocese has oversight and canonical authority.
- Sacramental Registers are public records in Canon Law but contain personal data under Civil Law.
Common Pitfalls
- Open Email Lists: Sending emails to the entire parish using 'CC' instead of 'BCC'.
- Unsecured Paper Records: Leaving census forms or registers in unlocked sacristies.
- Lack of Consent: Assuming people want to be on the newsletter because they are on the baptism register.
Best Practices
- Digitise Securely: Move data from paper and local spreadsheets to a secure, encrypted cloud system.
- Role-Based Access: Ensure only the Priest and Parish Secretary have full access.
- Consent Logs: Keep a record of when and how someone consented to be contacted.
ParishLedger allows you to manage these consents granularly, ensuring you always respect your parishioners' privacy preferences.
