GDPR chaos as churches stop prayer requests and charities prepare to halt meals on wheels

Friday's data protection crackdown has sparked chaos as small companies, charities and religious organisations are misinterpreting the rules. 

The new rules, called GDPR, which stands for General Data Protection Regulation, are designed to better protect consumers' data and stop businesses bombarding them with unwanted marketing material.

Companies that break the rules can now be fined up to 4 per cent of their turnover by privacy watchdogs.

The Telegraph has heard from a number of organisations who have felt confused and stressed after speaking to the Information Commissioner's Office helpline or seeking independent legal advice to ensure they continue to be law abiding. 

Speaking to Radio 4's Today programme on Friday, Elizabeth Denham, the Information Commissioner, reassured small businesses that they will not be punished for failing to be ready on time.

"Small businesses should not panic," she said.  "We are not looking for perfection. It is nonsense to think regulator will make early example of small businesses.

However, her words of reassurance may have come too late for many organisations who are already in a state of chaos over the change. 

There was confusion in the Church of England as priests interpreted advice to suggest that they were no longer allowed to pray out loud in church for parishioners. 

One, Marcus Walker, the rector of Great St Bartholomew in the City of London, tweeted: "We’ve been told we can’t pray for anyone who hasn’t given their personal consent, which is just ridiculous."

He later said he had received updated guidance that "publicly praying for those who have been added to our prayer board can continue." 

However, churches have been told that they must get written consent from any individual whose details are to be published, either on a noticeboard, a church mailing list or parish newsletter. 

Declan Kelly, lead advisor for the Church of England on GDPR said permission would be needed "if the information were to be published on a website, leaflet or social media."

A spokesman for the diocese of London said its guidance had been updated following the confusion. 

"There is no obstacle, under the GDPR, to spoken prayers in church," he said. 

"As the national guidelines say, where personal data (such as information about health) is going to be recorded and published, such as on a church website or in a newsletter, it is good practice to ask the person concerned whether they’re happy for that to happen.

"Obviously there is room for pastoral judgment here. Many members of a church family will accept having prayer requests shared as a matter of course.

"In sensitive situations in which somebody is highly likely to be unhappy about having their name and/or other information shared, we do warmly advise seeking their agreement, and refraining from sharing their information in print where consent can’t be obtained."

However the diocese's new guidance for parishes still cautions against sharing any information about illnesses.

Where prayers are concerned, it says, it is "important that the illness should not be made public, unless the consent to share this information has been expressly given."

In a situation where one individual wants to light a candle for another and leave a note with their name and illness, the guidance says, the church must "try to ensure that consent is obtained, particularly in our multi-cultural society where people may object to being prayed for."

"It is really not necessary for everyone to know why they are ill," the document adds. 

Meanwhile this newspaper was also contacted by Age Concern Forest of Dean, small charity providing meals on wheels services to elderly and vulnerable people.

Following a phone call with the ICO's GDPR helpline the charity was under the impression that it needed to send a two-page letter to each client outlining the provisions of the Data Protection Act and asking permission to continue to hold their data.

This was to consist of name, address, telephone number, next of kin if applicable, and in the case of meals clients, their diet preferences. In the event of permission being withheld it would have to stop serving the meals.

As a high proportion of the charities' clients have dementia or other disabilities, such a requirement would have posed a major threat to its services.  

It was only after intervention by this newspaper that the ICO phoned Age Concern Forest of Dean to tell them that they did not need to gain peoples' consent to continue providing meals on wheels.

Prior to the call Dr Daphne Pearson, the chairman of trustees, had been astonished to hear that the vital work of the charity would have to be diverted into what would have been a bureaucratic nightmare.

She said: “We were very worried. It seemed so confusing and vague. We are only a small charity. This sort of bureaucracy puts a big burden on us. We only have one part-time person doing our admin. The possibility of contacting hundreds of people would have been very difficult.

“We would have had to explain that if they wanted to withheld that data we wouldn’t be able to serve them meals on wheels. After all, technically we wouldn’t be able to know who they are or where they live.

“We were also concerned that trying to explain to them what data protection is all about would not have been easy. This sort of thing can be worrying for elderly people who may not understand.”