Check 1 – Data Mapping
Review the personal information being held (known as Data Mapping)
Carrying out a review of the information you hold about individuals is one of the most important aspects of data protection; knowing what you hold and who is holding it.
This can seem a daunting task at first, especially if this check has not been carried out before.
Every person who holds and uses data as a consequence of their role within the church should be asked about the data they hold. For example, the Church Council Secretary is likely to hold a contact list of Church Council Members and also the Church Council Minutes (which may contain personal data).
To consider:
- Do you have an up-to-date record of what personal information is held by each of the people who are entitled to and need to hold data, as a consequence of the job that they do in the church or circuit? (e.g. treasurer, pastoral visitors, Sunday School or Youth leaders)?
- Are you satisfied that they only keep the minimum of personal information that they need to do their job?
- Do you know how they keep that information? (On a computer, manual records?)
- Do you know how they keep that information secure? (Computer passworded files, computer backups, manual records in a safe place?) Note that the level of security necessary does depend on how "personal" the Information that is being held is.
- Do you have a "handover" procedure for when one person stops doing a job and it passes to someone else?
Suggested Process:
- Have a look at the attached file 'Data Mapping form'
- Watch the 5 minute video on Sutton Circuit about Data Mapping
- Using the 'Data Mapping – Examples' document (non-exhaustive) consider and list all of the data (personal information) the Church and its different volunteers hold and detail the information on the Data Mapping Form
- The document 'Data Mapping – Completed Example' may be useful. This is a data mapping form completed by one of our churches and could be edited to suit.
- As part of the Data Mapping exercise I would recommend asking those who hold data to 'Data Cleanse' as they go – see Check 2 for further information.