The General Data Protection Regulation (GDPR) is a European regulation that will take effect across Europe from 25 May 2018. As a result it replaces the existing law on data protection in Northern Ireland and the Republic of Ireland and gives individuals more rights and protection in how their personal data is used by organisations. GDPR therefore simply builds on what we are already required to do in respect of data protection, but recognises the extraordinary developments over the past 20 years in technology and social media, and the need for greater transparency and accountability from organisations in respect of how personal data is processed.
Just like any other charity or organisation, the Presbyterian Church in Ireland (PCI), its presbyteries and congregations, must comply with the GDPR requirements.
What is GDPR about?
GDPR is focused on looking after the privacy and rights of the individual and based on the principle that consumers and data subjects should have knowledge of:
- What personal data is held about them.
- How it is held.
- How it is used.
Personal data is information, held electronically or physically, about a living individual, which is capable of identifying that individual.
PCI has developed a number of resources to assist presbyteries and congregations in becoming compliant with the legislation and these resources can be accessed from the menu to the right. In addition, presentation sessions have been scheduled to provide an overview of GDPR and to outline the steps necessary to become compliant.
For those presbyteries and congregations based in Northern Ireland the lead authority on GDPR is the Office of the Information Commissioner. For the Republic of Ireland the lead authority is the Office of the Data Protection Commissioner.
Further information, guidance and resource can be found by visiting their websites:
Information, guidance and resources from the European Union are available here.