We provide fun, challenge and adventure to
over 400,000 girls and boys across the UK
a a a  A A
Disclosures Compass POL Print Centre

GDPR toolkit

Version 2, September 2018

Data protection is a key responsibility for anybody that has access to the personal data of individuals.

This guidance material has been designed to help you understand the legislation applicable for data protection and provide tooling for alignment to the legislation.

Following feedback on the GDPR Toolkit, the Scouts have redesigned this guidance to be more step based with bite size materials that can be used in isolation. This includes the simplification of the previous GDPR Framework to line up with the new steps-based guidance.

There are 12 steps as part of this guidance. To keep track of your progress through the material you can use the GDPR Alignment Checklist. As you are working through these 12 steps you may identify risks in the way you are operating. The GDPR Risk Register can be used to assist in tracking these risks.

Answers to frequent questions that have been received at the Scouts UK headquarters have been collated and can be found here.

In addition to the 12 steps guidance provided by UK headquarters, local Scout Groups, Districts, and Counties/Areas/Regions (Scotland), are able to procure a Data Protection Support Service direct from Black Penny Consulting, who are the Scouts headquarters Data Protection Officer (DPO). This service has been created in partnership with the Scouts to provide a DPO backed service desk that local Scout Groups, Districts and Counties/Areas/Regions (Scotland) can use for advice, guidance and reactive support for data breaches. To find out more please visit the Black Penny Consulting website here.

The 12 steps in this guidance are broken down as below:

Step 1

What do I need to know about GDPR – Introduction to the GDPR and key terms to be aware of

Step 2

Who is responsible for what – Exploration of the roles within the GDPR and what they mean

Step 3

Appointing a data protection lead – The benefits of a data protection lead and what services are available.

Step 4

Understanding data subjects’ rights – Exploring the rights of data subjects and how to respond to these rights

Step 5

Gathering data – Examples and tooling for the creation of best practice surveys and forms

Step 6

Data discovery – Exploring the data you have and how to look for it

Step 7

Keep a record – Recording the data you have and the processes you use to gather it

Step 8

Check your security – Looking at the ways you can secure data and keeping a record of the security in place

Step 9

Third parties – Discovering and recording the third parties you use

Step 10

Publish your privacy stance – Examples and tooling to help create privacy notices and statements

Step 11

Delete and destroy – Making sure you only keep data as long as you need it and how you should get rid of it

Step 12

Responding to a breach – Understanding what a breach is and how to deal with it


© Copyright The Scout Association 2020. All Rights Reserved.
Charity Numbers 306101 (England and Wales) and SC038437 (Scotland).
Registered address: The Scout Association, Gilwell Park, Chingford, London, England E4 7QW