Churches handle some of the most sensitive personal data—families, children, pastoral notes, giving records. One stray spreadsheet or an over-shared drive can become tomorrow’s headline. The Data Protection Sunday Kit makes it simple to talk about privacy from the pulpit and to fix the everyday admin habits that cause risk.

What’s inside (free download)

• GDPR Church Checklist (1-page)
  Quick, plain-English checks for attendance, groups, consent, exports, retention, incidents.
• Sermon Notes (7–10 minutes)
  Scripture + real-world examples + a call to good stewardship of people’s data.
• Slide Deck (5 slides)
  Visuals that land the message without scaring people.
• Post-Service Action Card (A5 printable)
  “3 things you can do this week” for staff, leaders, volunteers.
• Email/WhatsApp templates
  Notify teams, confirm changes, link to policies.
• Bonus: Mini “Data Request” form template (for SAR/erasure intake).

Download: Data Protection Sunday Kit (free) — Download Here

---

Why your church needs this

• Stewardship, not scare tactics: People trust you with their stories; show them how you protect them.
• Breach prevention in plain English: Lock down the 5 riskiest habits in a week.
• Trustee-friendly: Evidence of reasonable steps, audit trail, and next review date.

---

Run a “Data Protection Sunday” in 60 minutes

1. During notices (7–10 mins): Use sermon notes + slides.
2. Show the 5 risks: Shared logins, uncontrolled exports, no consent check, old files, no incident plan.
3. Name the fixes: Roles & MFA, export controls, consent/suppression, retention buckets, incident playbook.
4. Invite a response: QR to the action card; ask leaders to tick off 3 tasks this week.
5. After service: Email templates go out; attach the checklist; book a 30-minute follow-up.

---

The 5-slide teaser (ready to present)

1. Call to Stewardship — “We guard stories, not just spreadsheets.” (Prov 27:23)
2. Where breaches really happen — Simple examples (USBs, exports, shared logins).
3. Five fixes this week — Roles/MFA, consent, retention, exports, incident plan.
4. What we’re doing as a church — Your commitments + review date.
5. What you can do — Scan QR → action card; who to contact.

---

Who it’s for

• Admins & Office Managers: Turn chaos into a checklist.
• Pastors & Ministry Leads: Share private content safely (private sermons, restricted notes).
• Trustees: See evidence and sign off with confidence.

---

What happens after Sunday

• Week 1: Set roles, switch on MFA, review exports.
• Week 2: Consent/suppression tidy-up, retention buckets (6/12/36/72 months).
• Week 3: Incident micro-playbook + contacts; book quarterly review.
• Week 4: Publish “What we changed” summary to trustees.

---

Pair it with PMTChurchFlow (optional but powerful)

• Roles & permissions (least-privilege, audit logs)
• Consent & suppression lists (honour preferences)
• Retention policies (scheduled purges)
• Data requests (SAR/erasure) workflow
• Private sermons & restricted notes (watermarking)

Want tooling that makes this easy? Visit https://www.pmtchurchflow.org/.

---

FAQs

Is this legal advice? No—it’s practical guidance built around GDPR duties for UK churches.
Do we need new software first? No. Start with the checklist; tools can follow.
Will this take over the service? The mini-sermon is 7–10 minutes plus a QR action.
Can small churches use this? Yes—designed for small/medium and multi-site.