GDPR Guidance for Leaders & GEC

Essential Reading

The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). Personal data is information relating to a living individual who can be identified from that data. MandatoryTraining Module for all existing leaders (to be completed by 31/01/19) – Leaders and Group Executive Committee Members MUST complete the online GDPR training which can be accessed here and send the certificate generated at the end of the training module, confirming this has been completed to the District Training Manager.

When processing personal data / information:

  • Do ensure the data/information is accurate and up to date.
  • Do store data securely e.g.
    • use Compass or Online Scout Manager
    • in exceptional cases, where information is held on a local system (e.g. personal laptop), make sure the data / laptop is password protected.
  • Do use OSM for communicating with parents. In exceptional cases when you need to use email, use ‘BCC’ facility to avoid disclosing personal email addresses.
  • Do destroy or securely delete data which is no longer needed.
  • Do protect personal data from loss, misuse, unauthorised access and disclosure.
  • Do not ask for information where there is no valid reason to hold this information.
  • Do ensure we have explicit (opt-in) consent to use photos.

Paper records:

  • Do hold paper records securely (e.g. in a locked filing cabinet) and transfer the data to an online system asap e.g. Compass or Online Scout Manager.
  • Do destroy paper forms securely e.g. shredding machine.

(Gift Aid forms are held by the Group’s Membership Secretary and retained for 7 years.)

Events / Camps:

  • Do take only essential information to events / camp as it is likely to be less secure e.g. printouts of personal contacts and medical information.
  • Do keep data secure when in transit e.g. use a lockable brief case.
  • Do destroy paper printouts asap.

Sharing and transferring personal Information:

  • Do only share personal information with other leaders and Executive members, on a need to know basis.
  • Do only share personal information outside our Group where we have a legal obligation e.g. Leighton Linslade District, TSA, Unity, health professionals, local authority services and law enforcement.
  • Do transfer personal information if a person moves to another Scout Group or Explorer Scout Unit.

Data breaches / request to access to data:

  • Do refer to GSL or Executive Committee asap

Additional Information

Our Privacy Notice is published on our website

People have a right to:

  • Be informed how their data will be used (Privacy Notice)
  • Know what data we hold
  • Update their data if it’s inaccurate or if something is missing
  • Ask us to delete any personal data unless there are some exceptions, e.g. legal reasons, not to do so
  • Restrict any further use of their data if the data is incorrect
  • Ask us to share data digitally – e.g. pdf.
  • Object to how their data is used.

What we use personal data for:

  • Personal and medical information (including additional needs) – for the protection of the young person whilst in the care of the Scout Group
  • Religious data  to respect a person’s beliefs with regards to activities, food and holidays (note that details of religion have not been recorded since Sept 2018)
  • To administer membership records
  • To fundraise and promote the interests of the Scout Group
  • To manage volunteers
  • To maintain our own accounts and records (e.g. gift aid applications)
  • To inform parents of news and activities

The legal basis for processing personal data

  • To comply with our legal obligations
  • To contact parents about the welfare of children, meetings, events, collection of membership fees etc, (i.e. for the day to day running of the group)
  • Where it is in a person’s legitimate interest e.g. to make contact about products or services within scouting unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Third Party Data Processors

We share data with third party processors:

  • Compass (personal information of leaders, adults and parents who have undergone a Disclosure and Barring Service (DBS) check)
  • Online Youth Manager Ltd (Online Scout Manager or OSM) to record personal information of young people, badge records, online payments, event and attendance records etc.
  • Xero which is an online accounting system which we use to process and record financial transactions including membership fees.

Retention Periods

  • Full personal information is kept on OSM, as long as a person continues to be a member of 1st Linslade Scout Group.  Limited personal information is kept for a period of up to 15 years (or until the age 21) to fulfil our legal obligations for insurance and legal claims (name, badge and attendance records)