The European Union’s General Data Protection Regulation (GDPR) will come into force in May 2018. The legislation exists to promote best practice when it comes to the governance of information. It will give data subjects more control over their personal data, and support the free flow of data within the EU. These regulations apply to the Group because we collect and process personal data on our young people and adult volunteers. This could be anything from names, addresses, telephone numbers right through to more sensitive data such as religion, ethnicity and disabilities.
The 1st Stocksfield Scout Group has set up processes to monitor compliance guidance as the UK and European regulators publish it. The Group Executive has implemented The Scout Association’s recommended GDPR toolkit and best practice guide. Our local implementation has been approved by the Group Executive Committee. This work includes:
- A GDPR Privacy Impact Assessment Process
- A GDPR Framework Register
- A GDPR Data Breach Notification Process
- A GDPR Third Part Process Checking Process
- A GDPR Subject Access Request Process
Personally Identifiable Data We Collect – and Why
As part of local Scouting, Sensitive Personal Data (also known as special category data) is gathered, processed and transferred frequently. For example:
- New joiner details, be that an Adult Volunteer or a Young Person.
- Processing of this data for the purposes of events, awards, moving on to the next Section.
- Annual reviews of this data through census or further data gathering to update medical records.
- Management of safeguarding incidents where data needs to be transferred to 3rd parties for assistance.
Potential new members and/or their parents or guardians communicate with us via paper forms or email to enquire about membership. This information is transferred to a secure centrally managed online system (Online Scout Manager) and the local copies destroyed. This information is needed to allow us to process membership applications.
- Details of the young person information collected.
- Details of the adult member information collected.
During membership, young people, parents/guardians and volunteer’s data will be stored in a secure centrally managed online system (Online Scout Manager). This ensures that all Group members can enjoy safe, appropriate experiences regardless of their health conditions, religious beliefs, etc. Storing contact details allows the Group to keep young people, parents/guardians and other adult volunteers updated regarding forthcoming events. Online registration of those attending each meeting is considered good practice from a safety perspective.
Aggregated young person and adult volunteer information is presented to The Scout Association periodically to allow for statistical analysis. This may include religion, ethnicity and certain medical conditions, but members are not identified by name in the annual census data.
Scouting events involve young people and adult volunteers. These can be sectional activities in a regular meeting place or events/nights away at another location. These may require further data gathering, such as activity or nights away information and health forms completed by parents/guardians and adult volunteers. If the event is held at a location operated by a third party, we may be required to create temporary paper copies to travel with adult leaders during the event or share some information about the members attending with the third party. This will be kept to the minimum necessary and the need to share data should be made clear to members and their parents/guardians before the event. Any such records will be destroyed by the Group (in the case of temporary paper records) or the third party afterwards.
Third Party Service Providers
While we take all the necessary steps to process data fairly and lawfully, we also rely on our third-party service providers to make sure they comply with their obligations under the relevant legislation. The primary third party providers used by the 1st Stocksfield Scout Group are described below in the context of the role of the person in the Group:
Personal data about Beavers, Cubs, Scouts is initially gathered using paper forms issued by the Scout Association for this purpose
Data about youth members is held by the Group during the period of a person’s membership and up to two months after they leave a Section (in case they later want to rejoin it, or the next Section).
Personal data about Adult Leaders, Members of the Group Executive and registered Occasional Helpers (all members of the Scout Group) is initially gathered using paper forms issued by the Scout Association for this purpose
Data about adult members is held by the Group during the period of a person’s membership and up to two months after the Adult Volunteer leaves the Movement. Some data may be retained indefinitely with The Scout Association for the purposes of safeguarding.
Subject Access Request Process
Following a formal request, a data subject is entitled to a copy of personal data being held or being processed about them (with only a few exemptions possible). The data controller is permitted to charge a standard fee to the data subject (a maximum of £10). The 1st Stocksfield Scout Group is charitable organisation run by volunteers. As such it is following the practice and advice of The Scout Association, by charging £10 for providing a SAR, in order to cover some of its administrative costs.
To request a copy of your personal data that we hold (a Subject Access Request) , please send your details in writing to the Group Scout Leader via the address on the Group Executive contacts page. All such requests must include:
- Your name, address and a contact number (so that we can confirm your identity and know where to send the results)
- A cheque for £10 (made payable to the “1st Stocksfield Scout Group”) to cover the processing costs .
Acknowledgement of receipt will be issued to all requests following this process. Requests submitted without payment will not be processed.