General Data Protection Regulation (GDPR) 2018
Jersey Deanery Data Protection Policy
From the 25th April 2018, a new General Data Protection Regulation (GDPR) is in force. Under the terms of the Regulation we are required to inform you about your personal data that we hold and how and by whom it can be accessed.
The Deanery of Jersey Board of Finance (Jersey Deanery) is the Data Controller. It:
- Will comply with the General Data Protection Regulation (GDPR) 2018, as enshrined in The Data Protection (Jersey) Law 2018 and Data Protection Authority (Jersey) Law 2018. The new law enhances the existing law and:
- Expands liability to all organisations that deal with personal data
- Introduces data breach notification within 72 hours to the local DP Authority
- Introduces increased fines – up to 4% of global annual turnover or EUR 20million (whichever is the highest)
- Will provide a Privacy Notice, as required or requested, which forms part of this Policy and should be read in conjunction with it.
Our Policy parameters may be summarised as follows:
- How we collect information about you. Our information comes from the churches in which you serve and the knowledge we gain by our conversations and communications with you.
- What personal information we might collect from you. Personal information includes your contact details and the role or roles which you undertake. The information we collect is limited to what is necessary for the administration of the Deanery’s work and commitments. We may also retain details of the name of your spouse or partner for inclusions in social functions and annual events. If you work for the Deanery, we will hold all and only data necessary for the fulfilment of our legal obligations under law.
- How we use this information. We use this data to communicate with you regarding the role, or roles, which you undertake in or on behalf of the Church of England in Jersey. It will also appear in our Jersey Deanery Directory, an annual publication that will be distributed to colleagues and friends of the Deanery. We also use it to comply with all and any legal obligations.
- How we protect your personal information. Your information is stored electronically ‘in the cloud’ under the control of the Data Controller. It is held in software applications maintained by Microsoft Office 365. Those employed by the Jersey Deanery require hard copy files, which are double locked when the Jersey Deanery Office is closed.
- How we keep your information up to date. Your information is kept up to date by regular reviews and updates from the church with which you are associated, by our becoming aware of your changed circumstances and by you advising us of changes, as they occur.
Definitions and further information.
You may find the explanations below helpful.
What is personal data?
Personal data is data which can be used to identify you. This includes your name and address, email address, and contact telephone numbers. If you are in a position of leadership within the Church, we may display a picture to help others to identify you.
How will your data be used?
Your data will primarily be used to manage your commitments to the Jersey Deanery and wider church. We will contact you to inform you of upcoming events and other announcements directly relevant to these commitments.
Once these commitments have lapsed, information concerning you will be removed from the database as soon as practically possible. Unless you have been remunerated by the Church in any capacity, when Employment Laws will take priority, the period will not exceed 6 months.
Personal data will only be shared with the Diocese of Salisbury and the wider Church of England, and where required by law or authorised by the data subject.
Whilst the Data Controller will do everything it can to protect and maintain your data, you also have a responsibility for informing the Data Processor if your personal data changes.
What is a Data Controller?
A Data Controller is someone who is responsible for your data and who must make sure that your data is processed according to the law. For example, they are responsible for making sure that the information held about you is accurate and that it is kept secure. We are confident that we have the systems in place to provide you with details of the data we hold on you, remove or correct data as required, and deal with complaints and data breaches.
What is a Data Processor?
A Data Processor is the person responsible for data input. At the Jersey Deanery, the Data Processor is the Executive Secretary who may be contacted at email@example.com if you have any questions regarding your data, or wish to make a complaint.
This policy will be reviewed from time to time to reflect legislative changes and practical experience.