12 practical steps to help your scout group achieve General Data Protection Regulation compliance

Twenty years ago the world was a very different place. The reach of technology was limited, and the way organisations and companies collected, processed and used personal data was very different to today.


The changes that have happened over the last two decades have forced the European Union (EU) to review the old legislation and bring it up to speed with the modern era.

In scouting we collect and process lots of personal data from young people (and their families), adult volunteers and the public. This could be anything from names, addresses, telephone numbers right through to more sensitive personal data such as religion, ethnicity and disabilities. As a result, it’s important that the adults in your Scout Group are aware of the new rules and what you collectively need to do to comply with them.

The new rules (legislation) are call the General Data Protection Regulation and are often referred to as GDPR. GDPR requires the personal data you collect and hold to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

While this is great news for individuals, it presents challenges for scouting at all levels. With this in mind, we have put together this guide to GDPR to provide you with an insight into how the changes affect your local scouting practices and to helping you carry out the step you need to complete to ensure your Scout Group complies.

Please Note: that these documents are provided as examples of the approach to GDPR compliance taken within South London Scout County and are provided on a 'best efforts' basis in a spirit of mutual cooperation.

Greater London South Scout County provides no guarantees that use of these documents and materials will assure compliance with the 2017 UK Data Protection Act or EU GDPR and bears no responsibility for their use.

There are a few simple steps your scout group needs to take to ensure you comply with the new rules and it’s not as difficult as you may think…

  1. Know the law – which you now do, so that’s one thing you’ve done already!

  2. Know who is responsible for what? – Understand the difference data controller, data processor and data protection lead in your scout group

  3. Appoint a data protection lead – Ask someone to be the lead for data protection in your scout group 

  4. Keep a record of the personal data you hold and why.

  5. Identify why you have personal data and how you use it.

  6. Delete/destroy data you no longer need

  7. Check your security. This can include locking filing cabinets and password-protecting any of your devices and cloud storage that hold your member’s personal data.

  8. Understand people’s rights - be aware of the 7 rights that your members have regarding their personal data

  9. Publish your privacy notice - Ask yourself: before I collect their datado I clearly tell people why I need it and how I will use it? 

  10. Gain consent - when appropriate, ask your members and adults before you collect certain information or use it in certain circumstances

  11. Have a plan - in case people use their rights regarding the personal information you hold about them.

  12. Develop a process to make sure you know what to do if you breach data protection rules.

CLICK HERE to download our GDPR compliance checklist 

Don’t panic: we’re here to help. We have provided lots of support and templates to help you in each step below: 

It may seem overwhelming at first, but we will take it one step at a time...