Diocesan Operating Procedure for Data Protection
The Diocesan Operating Procedure for Data Protection is provided as a guide to all Diocesan personnel on how a wide range of issues must be managed under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation 2018 (UK GDPR). The document provides a framework of data protection policies and procedures, together with template forms, letters, and documents in a series of appendices.
The Roman Catholic Diocese of Portsmouth is registered with the Information Commissioner’s Office (ICO) as a Data Controller and must process all Personal Data about Data Subjects in accordance with the Data Protection Rules. This Procedure applies to all Personal Data processed by the Diocese, in whatever format it is held and however it is stored.
For the avoidance of doubt, the Diocese remains the sole Data Controller, even where data is processed by its curial offices, parishes, departments, and agencies. This means that anyone who processes data on behalf of the Diocese must act within the Data Protection Rules.
By adhering to this policy and related data protection policies and procedures, and through appropriate record keeping and retention, the Diocese will seek to demonstrate compliance with the Data Protection Rules.