Information for staff and members with access to church personal data
Guidance document
Guidance for staff and members with access to church data
Policies and Consent forms publicly available
Consent form 1, form 2, form 3, form 4 – these are needed because consent is necessary for collecting certain types of data
The following 3 documents are on the Governance page of this site.
Privacy Notice – this is a public document which describes what data we hold and why we do so.
Data Protection Policy – this is a public document which provides an overview of the responsibilities required for GDPR compliance – this is from the Church of Scotland website
Data Retention Policy – how long to keep certain documents – this is from the Church of Scotland website
Policies for internal use only
Information Security Policy – this covers physical, computer and network security
Records Management Policy – a reminder of the need to consider business continuity in the event of a disaster
Information for the Kirk Session
Documents describing our data
Data Model and Audit – this is the starting point and describes the flow of personal information into and out of the church. This needs to be updated if we engage in new processing.
Data controller documentation 1 – this describes all our processes and suggested justification for lawful bases chosen for each one. It includes legitimate interests assessments. Note that the lawful bases should not be changed.
Documents based on the ICO’s checklists
Data controller documentation 2 – this is a description of an individual’s rights. Note, however, that a subject access request should be referred to the Presbytery in the first instance
Data controller documentation 3 – this is needed to meet data protection criteria – how data is collected, e.g. lawfully, fairly, etc.
Data controller documentation 4 – this is needed to meet information security criteria – how data is kept secure – physically and electronically
Data Protection Principles – this describes the 6 principles a) to f) and provides checklists to ensure compliance
Information Security documentation – provides a checklist and a reminder of our legal obligation to carry out testing of the security of our systems