7th Cheltenham(Charlton Kings) Scout Group Policy for GDPR.
From the 25th May 2018 the General Data Protection Regulations come into force.
GDPR means that Personal Identity Information held by us must be actively consented to by the person, the consent must clearly states what information is held and its purpose, how it is stored, how it is processed, to who it may be passed to, how its accuracy is maintained, for how long we will retain it and if they will allow us to use it to contact them. GDPR also allows ‘Subject Access Requests’ for ALL a subjects data held within the group and the reporting of any data loss to the Information Commissioners Office.The responsibility for this falls on the executive committee of the scout group and will normally be administered by a nominated Data Protection Officer.
We hold data on 3 different groups, young members, adult members and marquee hirers.
Information held and its purpose will be listed on consent forms for each of the three groups.
All information will be held in one of the following methods:
- Youth records – primarily in OSM, but for such things as camps etc. paper records may be stored for the duration of that event in limited access locked storage. Any home computer records should be double password or encrypted files.
- Adult records – primarily in COMPASS, but for such things as camps etc. paper records may be stored for the duration of that event in limited access locked storage. Records may also be stored in OSM. Any home computer records should be double password or encrypted files.
- Hirer records – primarily on paper records (contract form) stored in limited access locked storage. Records may also be stored on a home computer, double password or as encrypted files.
The consent form for each group shall list who may access and process this information. It will also list who we may pass the data on to, how the accuracy of the records may be maintained, how long they will be retained and if we can use the details to contact them.
Subject Access Requests must be responded to within 40 days and be recorded by the Data Protection Officer who will confirm all records have been passed on. In line with the Scout Association recommendation a 10 pound fee will be charged for this.
If any records are lost in any way this must be reported to the Data Protection Officer immediately as the loss must be investigated and reported to the Information Commissioners Office.