The PCC has a legal obligation to comply with the Church of England's safeguarding requirements, but they can decide how best do this. The PCC is the data controller.
A PCC can choose to use a Safeguarding Hub to help them fulfil their legal obligation. These hubs are provided by Clearly Simpler, who is the data processor.
According the the GDPR, there must be a legally binding agreement between a data controller and a data processor. This agreement sets out the scope of the data processing and the responsibilities of both parties.
Where can I find the Data Processing Agreement?
You can download a draft Data Processing Agreement here.
This draft Data Processing Agreement has been issued for consultation with dioceses and PCCs.
Any comments or suggested amendments can be submitted here.
Will Clearly Simpler be legally bound by this agreement?
This Data Processing Agreement will be between a PCC (the data controller) and Clearly Simpler (the data processor).
Clearly Simpler will be legally bound by this agreement because it will also form part of a contract with your diocese.
Related pages
- Summary of the GDPR requirements
- What is the lawful basis for processing personal data?
- Does a PCC need a Data Privacy Notice?
- Does a PCC need a Data Processing Agreement?
- Is information shared beyond our parish?