Diocesan Operating Procedure for Data Protection

The Diocesan Operating Procedure for Data Protection is provided as a guide to all Diocesan personnel on how a wide range of issues must be managed under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation 2018 (UK GDPR). The document provides a framework of data protection policies and procedures, together with template forms, letters, and documents in a series of appendices.

The Roman Catholic Diocese of Portsmouth is registered with the Information Commissioner’s Office (ICO) as a Data Controller and must process all Personal Data about Data Subjects in accordance with the Data Protection Rules. This Procedure applies to all Personal Data processed by the Diocese, in whatever format it is held and however it is stored.

For the avoidance of doubt, the Diocese remains the sole Data Controller, even where data is processed by its curial offices, parishes, departments, and agencies. This means that anyone who processes data on behalf of the Diocese must act within the Data Protection Rules.

By adhering to this policy and related data protection policies and procedures, and through appropriate record keeping and retention, the Diocese will seek to demonstrate compliance with the Data Protection Rules.

markus spiske Skf7HxARcoc unsplash

But everything must be done in a proper and orderly manner.

1 Corinthians 14:40

View the Data Protection Policy for the Diocese

Data Protection Policy for the Diocese

Other Important Documents

Subject Access Request (SAR) Form

GDPR, Data and Privacy

161 KB

Subject Access Request (SAR) Guidelines

GDPR, Data and Privacy

261 KB

Full Privacy Notice

GDPR, Data and Privacy

204 KB

Short Privacy Notice

GDPR, Data and Privacy

154 KB

Donate