Safeguarding Hubs

Summary of the GDPR requirements


A Safeguarding Hub contains personal information about church volunteers and employees.  This might include:

  • The date and type of DBS check
  • The date that safeguarding training was completed
  • The steps that were undertaken when safely recruiting a new volunteer.

Collecting, storing, analysing and deleting this information is called data processing, and the Parochial Church Council (PCC) must ensure that it is carried out in accordance with the UK's General Data Protection Regulation (GDPR).
 

What is the lawful basis for processing personal data?

A PCC can only process personal data if it has a valid lawful basis for doing so.

According to the GDPR, there are six lawful bases for processing personal data:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Pulic task
  • Legitimate interests

No single basis is ’better’ or more important than the others – the most appropriate basis depends on the purpose for which the data is being used.

Given that a PCC has a legal obligation to comply with the Church of England's safeguarding requirements, this is the most appropriate lawful basis.

Read more
 

Does a PCC need a Data Privacy Notice?

Yes.

Whether or not your PCC uses Safeguarding Hubs,  it must display a Data Privacy Notice.  This tells church members why and how their personal data is being processed - not just for the purpose of safeguarding, but for all church purposes.

If your PCC chooses to use Safeguarding Hubs, this should also be mentioned in your Data Privacy Notice.

Read more
 

Does a PCC need a Data Processing Agreement?

Yes.

A PCC has a legal obligation to comply with the Church of England's safeguarding requirements, but they decide how best do this.  The PCC is the data controller.

A PCC can choose to use a Safeguarding Hub  to help them fulfil their legal obligation.  These Hubs are hosted and supported by Clearly Simpler, who is the data processor.

According the the GDPR, there must be a legally binding agreement between a data controller and a data processor. This agreement sets out the scope of the data processing and the responsibilities of both parties.

Read more
 

Is information shared beyond our parish?

Yes.

A Safeguarding Hub can share information with other people or organisations within the Church of England.

For example, Hub information could help your diocese, or another Church body:

  • To monitor compliance with safeguarding requirements.
  • To provide better support for you and other parishes.
  • To promote the mission and ministry of the Church of England.

This might involve the sharing of both personal and non-personal data.

Read more

Powered by Church Edit