Establishing good data protection checklist

This checklist is your go-to guide for good data protection practice in your church. It covers the essentials — knowing who the Data Controller is (often the eldership), understanding personal data (including sensitive special category data that needs explicit consent), cataloguing what personal data the church holds, and ensuring it’s stored securely. You’ll also plan how long to keep data, securely dispose of what’s no longer needed, and handle Subject Access Requests efficiently within the 30-day legal window. Importantly, it prompts you to publish and promote your church’s Privacy Statement so everyone’s clear on how their data is handled. Reviewing and updating this regularly keeps your church compliant and trustworthy in a world where data privacy is more critical than ever.