Security of your data is our first priority and this page outlines some of our operating procedures and security practices.
The new General Data Protection Regulation (GDPR) came into force on 25 May 2018.
This Regulation governs how Personal Information (PI) can be handled and how it must be protected by Data Controllers. Because of the information held on its members, the Scout Association is classed, under those Regulations, as a Data Controller and must comply with this Regulation. For general information about these Regulations, see further guidance on GDPR here.
The Data Protection Act governs the collection, recording, storage, use and disclosure of personal data, whether such data is held electronically or in manual form. Young people have the same rights as adults under the Act, and the impact on Scouting is addressed below.
This page provides a general overview of the main ways in which data protection may be relevant to scouting. It is not intended as a detailed account and more information can be found from the Information Commission’s Office (ICO) the independent governmental authority responsible for overseeing and regulating data protection. Further explanation/assistance can also be obtained by contacting the Legal Service Department at The Scout Association UK Headquarters.
How we handle personal data (PI) at Wyre District:
Wyre District has a responsibility to hold and manage data of its members in a manner that is compliant with UK law. As per all other organisations. we maintain computer records and paper records of their members or beneficiaries. We are legally obliged to consider why we keep the data, that it only be used with consent of the person in the way(s) agreed and that it is kept secure and private.
To achieve this, we maintain our data against the following principles:
- Personal data must always be processed fairly, handled for intended purpose and only in ways that an individual would reasonably expect.
- Obtain and keep record of consent
- Don’t download data to laptops or pen drives without password encryption
- Don’t send data files by email unless absolutely necessary
- Maintain confidentiality on need to know basis
- Train all staff, including volunteers, and obtain confidentiality agreement
- Delete or destroy securely when no longer required
To achieve compliance with our stated principles, we will operate in the following manner:
- We will seek positive consent from our members, including confirmation of their parental responsibility where required for people 13 or under, before recording any personal information
- We will maintain data relating to our members and other beneficiaries using The Scout Association Compass system and Online Scout Manager, with retention of paper records only being maintained where a physical signature or other manual record is required
- We will only print records where this is operationally required, and will ensure that any paper records are destroyed within 24 hours of completion of the requirement
- Any paper records that cease to be required will be destroyed in a manner that makes them unusable
- Retained printed records will be held securely
- All records will be reviewed, and any members that leave will be removed within 30 days of leaving
At Wyre District we utilise the Online Scout Manager (OSM), a third party online management system (Data Processor) for handling, collecting and storing personal data relevant to the day to day running of the Scout District. This system has been developed specifically for Scouting and Guiding Organisations. More information about the security measures employed by OSM, to protect all personal data can be found here: Security & GDPR.
Wyre District stores all the Personal Data held by the Group, on its members, on this online platform and conducts all reviews and updating of information held, events, emails, etc. through this system. No paper records of this information is held, although, on limited occasions, records may be printed out, where online access is not possible. These physical records are then destroyed after the event.
The Group provides all parents with permanent access to all personal information records, held by the group, on this online system, which is available for remote access by all parents at any time, following their setting up an account with secure login (required to confirm attendance to events, etc.). All parents are required to ensure that information held by the Group is up to date and they can amend/update records as they might change.
As part of a larger Scouting Organisation, the District shares its records/information held with the Scout Association headquarters. No information is passed outside the Scout Group, to Third Parties.
Personal Information held on adult members of the Group is handled through the Scout Association Online System, Compass. This has been developed and is managed by the Scout Association for the recording of adult details, training, permits, DBS Disclosures, etc. Information about the use of Compass in the context of GDPR can be found here: Compass.
All email correspondence to and from the District is undertaken through Compass or through our direct Group email system.
you to provide information about this and, if necessary, to ask for your consent.
We will update the version number and date of this document each time it is changed.