
A ChurchDesk Guide: What does the GDPR mean for your church?


If your organisation handles the personal data of citizens, 25 May 2018 is a date that needs to be emblazoned on your mind. New regulation governing data protection comes into force, putting far greater requirements on churches to manage, protect and dispose of citizens’ personal data in an appropriate manner. Here’s how the rules will affect your church, and how you can face the new regulations properly by using ChurchDesk.

About GDPR

On 25 May 2018, the EU’s General Data Protection Regulation (GDPR) comes into force, putting far greater pressure on churches to manage, protect and dispose of citizens’ personal data in an appropriate manner.

Although the regulation originated on the EU’s statute book, the UK government has stated that it will remain in place after Brexit. So the regulation will continue to apply here, even after March 2019.

UK-based businesses and organisations therefore need to pay close attention to the GDPR, being certain to adhere to it. And crucially for churches, whereas the existing Data Protection Act (1998) makes exceptions for small charitable organisations, the new regulation does not.

Put simply, if you run a church, you’re just as bound by the GDPR as someone running a multi-million-pound company. The only difference is that, while the company will have the resources to pay someone to oversee compliance, the chances are you’ll be relying on the good will of your largely-volunteer workforce.

GDPR guide for churches and parishes

Data on your members is an integral part of your mission

Of course, legislation such as GDPR doesn’t mean you should avoid gathering data about your congregation members, or other people who interact with your church. Indeed, by keeping up-to-date records, you have a great way of reaching out to people, building connections, and keeping them informed about the activities that make your church community such a special place to be. The purpose of this article is to help you comply with the requirements so that you can focus on what is important: your work in the church.

ChurchDesk is designed to help you run your church, and complying with GDPR is no exception. Gathering data is the natural result of your work around the church mission, and we can help you do this in an easy, safe, and compliant way. In this way, church leaders and members can spend less time worrying about adherence to a complex new set of regulations, and more time engaging in ministry and mission. As ever, ChurchDesk means less admin, and more church.

How ChurchDesk can help you

The GDPR poses a significant challenge to churches, with a real risk of sanction for non-compliance. By choosing a church management system like ChurchDesk, churches can enhance their data-handling practice.

To help you get started without getting overwhelmed with legal information and new lingo we have prepared a checklist that you can refer to. We are also fully available if you have any questions. Just send us an e-mail at or give us a call.

The ChurchDesk checklist to GDPR compliance

Update: We've just released our GDPR roadmap to highlight the initiatives that ChurchDesk is taking to help you become GDPR compliant.

1. Data processing agreement

As a church, you need a data processing agreement with all the software providers you use to handle personal data. ChurchDesk offers all customers an agreement, free of charge and built specifically for churches, to make sure you can be compliant with minimum effort. You will get our data processing agreement once you become a customer.

Click here to read how to review and sign our data processing agreement

2. Appropriate access and permission control

ChurchDesk already provides granular access and permission control to help ensure an appropriate level of control. However, we want to go further and make it possible to increase collaboration internally in the church while increasing control. This means that a church will be able to specify access to subsets of data in our applications, including People, Forms and Intranet.

Click here to read how ChurchDesk improves your access control

3. Data is owned by people, not the church

The right to be forgotten

People may have given you consent to use their data; however, they ultimately still own their data and have the right to manage it, including the right to be forgotten. As always, you can request that all data on both a user and a contact be deleted fully. You do this by sending the request directly to ChurchDesk, to avoid any data being deleted by mistake. Once the data is fully deleted, it also can’t be retrieved from a backup.

See all your data

Today we are already able to provide you with all the data about a user and a contact at your request. The data is made available on a secure URL.

Updated and correct data

Today we already make it very easy for you to ensure that you have updated and correct information on the people that you engage with as a church, through a full integration of data between our Forms solution and our people database. It is key to have the correct data and to make sure it is updated. Having the wrong data on people goes against GDPR and good practice.

Click here to read how ChurchDesk helps you manage your data

4. Consent

A key principle of the GDPR is to make it easy for a person to understand what they have given consent to. We've made it easy to store and use the necessary consent types and to drag and drop them into a form.

Click here to read how ChurchDesk helps you manage consent

5. Double opt-in and refreshing consent

ChurchDesk will make it easy for you to offer double opt-in for confirming given consents, as well as refreshing consent if your required consents have changed or are poorly documented.

Click here to read how ChurchDesk helps you manage double opt-in

6. Privacy Policy

Like all organisations, you’re obliged to inform and document how you’re processing data, who’s responsible for keeping it safe, how long data is stored, etc. This documentation needs to be easy to find for everyone who visits your website, submits a form or makes a payment.

Click here to read how ChurchDesk helps you manage your privacy policy

Further reading

We've collected a few articles that give you a comprehensive introduction to the content of GDPR and how to meet the requirements:

Need help or advice?

We are here to help you get ready for 25 May 2018 and make sure your church successfully implements the requirements of GDPR.

If you haven't already started on the implementation, we strongly recommend that you get started, as it has several aspects and we want you to be able to continue in your mission and run your church smoothly. We are available if you have any questions. Just send us an e-mail at or give us a call.


Christian Steffensen
Founder & CEO at ChurchDesk
