We provide fun, challenge and adventure to
over 400,000 girls and boys across the UK
a a a  A A
Disclosures Compass POL Print Centre

GDPR Toolkit

Version 2, May 2018

This step by step GDPR toolkit includes 'how to' videos and support materials prepared by Black Penny Consulting to help local Scouting, and specifically local Executive Committees, to guide each Group, District and County/ Area/ Region to work towards alignment to the GDPR.

The GDPR toolkit is a self-service guide and leads Executive Committees through the data privacy life cycle in steps. In February 2018 we shared a document entitled 'What is GDPR?' which is the first stage of step 1.

Data privacy life cycle

Step 1 - How to assess your data

a – Read What is the GDPR (15 minutes)
b – Watch video guides (30 minutes) [You can download the video guides below]
c – Complete the GDPR framework [updated 11 May] using the how to guide for assistance (2 hours)

Step 2 - How to manage your data risks

a - Read best practice guide [updated 11 May] (30 minutes)
b - Contact third party processors (1.5 hours)
c - Agree and distribute local data breach response plan [updated 11 May] (45 minutes)

Frequently asked questions

11 May 2018 - Following feedback, the GDPR Toolkit has been updated to include the following:

Further reading

A data breach response plan [updated 11 May] for Executive Committees
A data breach can happen at any time and vary in severity, this guide assists local Executive Committees manage data breaches with a simple process to follow and a templated GDPR breach notification form [updated 11 May] to use.

A guide to GDPR subject access request process [updated 11 May] for Executive Committees
Data subjects are entitled to ask for the information held on them by organisations; known as Data Subject Access Request (DSAR) and this guide assists local Executive Committees manage these requests with a simple process to follow and templated forms to use.

Download the GDPR framework video guides here: Video 1 | Video 2 | Video 3 | Video 4 | Video 5 | Video 6

Data protection is a wide-ranging subject and is regulated by the Information Commissioner's Office which produces a large amount of relevant guidance. If you have any queries or if in any doubt, members should check the guidance provided by the ICO on its website as this is the best and most direct source of relevant information on data protection.

As a reminder, Scout Groups, Districts, Counties/ Areas/ Regions and Countries are separate charities and The Scout Association, as a national charity, is not accountable for the respective alignment of the GDPR of each individual charity. Responsibility to be aligned with the GDPR rests with the respective Executive Committee, and it’s our intention to sign-post appropriate resources to support local Scouting in fulfilling this important responsibility. We will update materials from time to time so please refer back to this GDPR toolkit for the latest version.

Each adult Member and Associate Member must also ensure that they comply with data protection law when handling any personal data.

Privacy and data protection - a key policy for Scouting

The Scout Association’s commitment to protecting privacy and data protection has been adopted as a key policy for Scouting. This key policy underpins both this Data Protection Policy and other associated policies used by The Scout Association, local Scouting and its membership.


© Copyright The Scout Association 2021. All Rights Reserved.
Charity Numbers 306101 (England and Wales) and SC038437 (Scotland).
Registered address: The Scout Association, Gilwell Park, Chingford, London, England E4 7QW