Have you destroyed any privacy information that is no longer required?
During the Data Mapping exercise under Check 1 you will have identified all the personal data that is held and used about individuals connected with your Local Church.
Under the Principles of the GDPR you are required to ensure that the information that is processed about individuals is used for the purposes in which it was collected and is kept relevant and up to date.
Where information about individuals is identified as not being required anymore, perhaps because a person is no longer a member, then as much information about that person should be permanently deleted as soon as possible, such as removing them from the members list or the Church Directory. Please do check the Data Retention Schedule to ensure that you are not destroying any information that you need to keep.
By confirming this check you are stating that you have reviewed the personal information that you hold and have destroyed any information that you no longer need.