Unlike Safeguarding Dashboard, a Safeguarding Hub contains personal data. For example, it keeps a record DBS checks and safeguarding training records. In accordance with our Privacy Notice, the relevant PCC is the data controller of this personal information.
What information is shared with the diocese?
At present, a Diocesan Safeguarding Team can only access anonymised statistical data. For example:
- The number of roles that a parish has created.
- The number of people that a parish has added.
There are no GDPR implications regarding the sharing of this anonymous data.
What information may be shared in the future?
Later this year, a Diocesan Safeguarding Team may also access personal data from parish hubs, provided there is a legitimate reason for doing so.
First, we will ask each diocese what personal data they would like to access, and their legitimate reasons for having it. Next, we will discuss the preferred legal basis for accessing this data. Two possible options are:
- A data sharing agreement between the Diocesan Board of Finance and a PCC.
- Making the Diocesan Board of Finance and PCC joint data controllers.
Both options should be possible under the GDPR.