Skip to main content

Compass is offline while we prepare our new tools

Compass is offline while we prepare our new tools

Compass is now offline. Read more

Discover what this means

Scout Unit Data Protection Toolkit

Data protection is a key responsibility for anybody that has access to the personal data of individuals

Introduction

Data protection is a key responsibility for anybody that has access to the personal data of individuals.

This guidance material has been designed to help you understand the legislation applicable for data protection and provide tooling for alignment to the legislation.

Following feedback on the GDPR Toolkit, the Scouts UK Headquarters (UK HQ) have redesigned this guidance to be more step based with bite size materials that can be used in isolation. This includes the simplification of the previous GDPR Framework to line up with the new steps-based guidance.

During this guidance material, local Scout Groups, Districts and Counties/Areas/Regions (Scotland) will be collectively referred to as ‘Scout Units’.

There are 12 steps as part of this guidance. To keep track of your progress through the material you can use the GDPR Alignment Checklist. As you are working through these 12 steps you may identify risks in the way you are operating. The GDPR Risk Register can be used to assist in tracking these risks.

The 12 steps in this guidance are broken down as below:

Step 1: What do I need to know about GDPR – Introduction to GDPR and key terms to be aware of

Step 2: Who is responsible for what – Exploration of the roles within GDPR and what they mean

Step 3: Appointing a Data Lead – The benefits of a Data Lead

Step 4: Understanding data subjects’ rights – Exploring the rights of data subjects and how to respond to these rights

Step 5: Gathering data – Examples and tooling for the creation of best practice surveys and forms

Step 6: Data discovery – Exploring the data you have and how to look for it

Step 7: Keep a record – Recording the data you have and the processes you use to gather it 

Step 8: Check your security – Looking at the ways you can secure data and keeping a record of the security in place

Step 9: Third parties – Discovering and recording the third parties you use

Step 10: Publish your privacy stance – Examples and tooling to help create privacy notices and statements

Step 11: Delete and destroy – Making sure you only keep data as long as you need it and how you should get rid of it

Step 12: Responding to a breach – Understanding what a breach is and how to deal with it