Data Protection Policy

Spurgeon Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people’s rights around how their information is handled. This policy explains our responsibilities and how we will meet them.


Section A – What this policy is for

  1. Policy Statement
  2. Why this policy is important
  3. How this policy applies to you & what you need to know
  4. Training and guidance

Section B – Our data protection responsibilities

  1. What personal information do we process?
  2. Making sure processing is fair and lawful
  3. When we need consent to process data
  4. Processing for specified purposes
  5. Data will be adequate, relevant and not excessive
  6. Accurate data
  7. Keeping data and destroying it
  8. Security of personal data
  9. Keeping records of our data processing

Section C – Working with people we process data about (data subjects)

  1. Data subjects’ rights
  2. Direct marketing

Section D – Working with other organisations & transferring data

  1. Sharing information with other organisations
  2. Data processors
  3. Transferring personal data outside the European Union (EU)

Section E – Managing change & risks

  1. Data protection impact assessments
  2. Dealing with data protection breaches

Schedule 1 – Definitions and useful terms

Schedule 2 – ICO Registration