URC EMS - Email and Websites - Points of Good Practice and GDPR

United Reformed Church East Midlands Synod

Email and Websites - Points of Good Practice and GDPR


Having learnt from experiences around the Synod, we have these guidelines for local churches.


A: Use Church Email

It is essential that ministers and church officers do NOT use a joint email address.  (e.g. revdandmrssmith@mymail.com, AandBsecretary@othermail.co.uk )

This contravenes GDPR. If you do this, please change it to individual addresses today and tell everyone of the change!


It is highly recommended that your Church Secretary, Minister and any other church contacts (magazine editor, safeguarding officer, GDPR privacy officer) have a business (church) email address separate from their personal email address.

This means that you can advertise these email addresses - which is presumably what you would want to do!

If the contact person changes, they should take over the post’s email address and change the password.


How can you set up a business email address?

  1. If you have a church website with its own address (URL - e.g. sherwoodurc.co.uk) then you can set up mailboxes under the package that hosts your website.
  2. You simply go into your control panel (usually plesk or cPanel) and click on the link to set up mailboxes /email addresses and add passwords. Then show the officer how to access them.
  3. If not, but the church has its own broadband connection, you can often set up email addresses there. 
  4. Otherwise, use a free email provider such as mail.co.uk or one of the big (worldwide) providers like google, yahoo etc. So you could set up, say, sherwood-sec@mail.co.uk, sherwood-minister@mail.co.uk and so on.


B. Church Websites  - Editing / Control Panel Access

It is vital that the Elders - who are the data controllers for your church - have the access details to your church website so that they have the information available to go in and edit the web-pages and its hosting package.

There have been instances of the church’s page being set up by a "friend of the church", sometimes beside other sites they manage, and then they have 'gone away' and are very slow or have stopped updating the site.  Under GDPR, the church however is still responsible for that site and the data that is on it.

So please make sure that:

  1. Your church website is hosted in an account of its own and the elders hold the details to log in and manage that account (pay hosting bills, buy/renew the URL etc.)
  2. The elders have access details to the control panel for the website where email addresses and website files can be set up.
  3. The elders have the details to log onto and edit the contents of that site (as often as not this is different from the site’s control panel), even if you delegate responsibility for maintaining the site to an elder or church member.


If you need any help, please contact the Privacy Officers at the Synod Office on privacy@urc5.org.uk who will pass your query to the Synod’s IT Advisor.