|68th Doncaster (Hatfield) Scout Group
Data Policy (revised in light of GDPR regulations)
– May 2018
From 25th May 2018 new legislation is in place regarding management
of personal data. The 68th are committed to working within this
legislation and the guidance issued from the Scout Association to
manage and use the data of all those within the Group correctly.
This relates to the data held for Group purposes, specifically:
• Enrolment forms (paper)
• Activity permissions forms (paper)
• Electronic registers (principally OSM* and locally produced
spreadsheets / word documents for specific events).
• Gift Aid forms and related data
* OSM – Online Scout Manager – an online database containing
member’s details. Please refer to OSM’s own Security
and GDPR policy statements on their web site : www.onlinescoutmanager.co.uk/security.html
This does not explicitly cover the Compass system used to manage
Leaders records. Responsibility for managing Compass is deemed to
rest with the Scout Association, and management of it locally is
deemed to rest with Doncaster Danum District Scouts Council. The
Compass system is not used for data for those under the age of 18,
it is for Leaders records only.
Increased rights under the legislation and how to exercise
• Individuals have the right to access their data and request
a copy of their personal data via a ‘Data Subject Access Request’.
• Individuals have a right to be forgotten and personal data
corrected or deleted.
• Individuals must give consent to an organisation to process
personal data. This is given by the parent in the case of those
Group members under the age of 13, and by the Group member in conjunction
with the parent in the case of those aged between 13 and 18.
Information set out under the terms of the legislation:
Every member of the Group is deemed to be a ‘data subject’,
irrespective of age.
The data subject is determined to be the member of the Group rather
than the parent/guardian of that Group member but since we will
be holding some measure of personal data for the parent (name and
telephone number) we undertake to hold that data in the same secure
manner and use this data only in the same manner as outlined within
The ‘data controller’ for the Group is deemed to be
the Group Scout Leader.
The ‘data processor’ for each section is the section
leader for that section. Under the legislation, the data processor
is responsible for the use, retention and disposal of data
Data Subject Access Requests
Requests to review the personal data held by the Group within the
records described within this document must be made to the Data
Controller in writing.
These will be dealt with as quickly as possible and within a target
of 2 weeks. The Nominated Data Processor will not normally be able
to deal with such requests.
Those wishing to exercise their right to have their data corrected
should follow the same procedures. It should be noted that the only
data held by the Group has been provided by data subjects, or by
their parents on their behalf. We do not hold any personal data
from any other source.
Those wishing to exercise their right to be forgotten and have their
data deleted should contact the Data Controller as above and requests
will be dealt with in the same manner.
All data breaches, or suspected data breaches, must be reported
immediately to the Data Controller for investigation.
Under 18’s data
• Under the legislation, only those over the age of 13 are
deemed to be data subjects.
• However, we treat the personal data of all young people
(under the age of 18) in the same manner within the Group.
• Parental permissions are always sought at the point of joining
• For those who join the Group before the age of 13, permissions
given by the parent is deemed to continue as from their 13th birthday
but the data subject (young person) then acquires the same rights
as all other data subjects set out above.
• For those who join the Group aged 13 or over, a signature
box is now included on the enrolment form for signature giving the
Group permission to use your data in the specified manner.
The Group does not hold any personal data for adults within the
Group electronically, other than the information with regard to
the Compass system. The responsibility for managing Compass is deemed
to rest with the Scout Association, and management of it locally
is deemed to rest with Doncaster Danum District Scouts Council.
The same data rights, retention and use policies and security measures
apply to this data as for under 18 members of the Group.
What data do we hold?
Personal information provided via the Group enrolment form, completed
on first entry to the Group and when moving sections:
• Contact information (both standard and emergency)
• Date of birth
• Medical information
• Permissions & signatures
From time to time activity permissions forms will be used with reference
to specific events. These will be paper forms designed to capture
and manage specific items of data ahead of events. These capture
the same information as outlined above. These forms remain in the
possession of the event leader during the event and only used in
the case of emergency. Following the event, the Data is securely
disposed of, as detailed below.
Security of paper forms whilst on camps and at other outside events.
We have a legal requirement to keep our data safe and secure. However,
in the event of an emergency, it also needs to be easily accessible.
As such all camp/activity leaders need to have easy access. In a
camp environment this balance can be difficult to achieve. Having
a locked box in a tent does not meet this requirement, equally locking
the documents in car boot could delay ‘emergency access’
or the car could be stolen! We will make reasonable endeavors to
keep the records safe, whilst enabling emergency access, this will
be determined by the camp/activity leader.
With regard to events organised by Doncaster Danum Scout District
or South Yorkshire Scout County, a standard format paper form is
used to gather the same information outlined above. This form is
provided by and managed by the District or County. These forms remain
in the possession of a group Leader during the event and are only
used in the case of emergency. Following the event, the Data is
securely disposed of, as detailed below
What do we use this data for?
Standard enrolment information is entered in to the OSM system.
This is used as a reference guide for Leaders, and in case of emergency.
The paper form will securely disposed of, as detailed below.
This is information is not shared with any 3rd party (with the possible
exception of medical staff in the event of an emergency) and is
used for reference and in case of emergency only.
Activity forms are taken to the event and used for registration
and in case of emergency only.
As a Group we never pass data onto any 3rd parties and have no reason
to do so. Data will never be sold.
At Scouting events, evenings and activities, photographs are taken
for the sole use of promoting positive Scouting. The images will
be shared via each section's Facebook page and the Group’s
website. Once shared the images are deleted.
Access to systems
Access to the Group records has been reviewed and is restricted
to members of the Leadership team with a need to access personal
data, primarily those set out as data processors.
Spreadsheets created by Leaders for section evenings and individual
events are managed by those Leaders and access restricted to those
Leaders who require this information for the evening or event.
As a volunteer organisation it must be recognised that electronic
records are accessed via machines not owned or controlled by the
Group and which are the personal property of adults within the Group.
All adults within the Group who have been granted access to these
electronic records are regularly reminded about the need for system
security, the use of strong and secure passwords, and ensuring that
access is not possible by anyone else using their machine.
Data retention and disposal policy
Data held will be maintained only for the period during which the
young person is an active member of the Scout Group. Once they leave
the Group this will be securely disposed of ( exception –
see Gift Aid below).
On moving between sections, this data will be transferred between
On transferring to other Groups this data will be deleted and new
records will be need to be created by the receiving Scout Group.
On receiving transfers from other Groups a new record will be created
and no electronic data will be received by our systems.
Paper enrolment forms will be kept securely for 6 months following
the last active involvement in Scouting. They will then be destroyed
in a secure manner.
This also applies to those young people moving between sections
where a new enrolment form is created. The form held by the previous
section will be destroyed after 6 months.
Activity permissions forms will be retained for 1 month following
the event and then destroyed in a secure manner.
Registers for evenings will be retained for a minimum of 24 months
and then are deleted.
Images are shared as soon after the event as possible, and then
are deleted from the device.
Gift Aid collection forms and data will be securely held by the
Group to enable us to claim Gift Aid for membership fees and donations.
We have a legal obligation to retain this information for 7 years
after the last claim which references the young person and tax payer.
Communication with parents is on an information basis governed by
permissions granted via the enrolment form with no marketing or
sales implications. Therefore standard marketing preferences and
permissions governed by GDPR regulations in the commercial world
do not apply.
All current adult members of the Group have been instructed to identify
any records containing personal data which they may hold electronically
or in paper format and report these to the Group Scout Leader as
part of a pre-GDPR audit. These records will then be deleted and
destroyed if they fall outside of those systems or constraints outlined
During Section and Group events and activities, members of our leadership
team, other members of the Scout Association and members of the
public may be taking still and moving pictures. Pictures used by
the 68th outside of the event/activity will only be used in accordance
with Scout Association guidelines. Pictures taken by our leadership
team may be used during and after the event/activity in local or
national Scout Association publications, and in local newspapers,
on websites or in other social media channels.
For larger District and County events local newspapers and TV stations
may also attend to provide external media coverage and members of
the press will be accompanied at all times by a member of the event
or activity staff/leader team. We will seek your specific permission
if we wish to use your/your child’s picture name with any
picture in any promotional or advertising material.
Anyone attending any Section, Group, District or County
event or activity, or giving permission for their child/ward to
attend an event or activity should note that attendance at the event
or activity signifies their consent for pictures of themselves/their
child to be used in line with the above policy.
If you have specific concerns in this regard, please contact the
Section Leader for the activity