Consent

Find out how GDPR is addressing this issue in a way that provides more protection for individuals. (5 mins)

The issue of consent has always been at the core of data protection law. In this section, you’ll find out how GDPR is addressing this issue in a way that provides more protection for individuals.

While being online or using your phone, have you ever worried about unknown individuals who may have access to your personal data? GDPR addresses this sort of concern by aiming to limit such access and protect individuals from exploitation and identity theft.

Under GDPR, consent is all about offering individuals genuine choice and control over the processing of their personal data. Previously, organisations were able to rely on ‘opt-out’ consent, but under the new legislation, organisations must provide very clear statements about what people are consenting to.

GDPR defines consent as:

“Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

So, 'consent' means an individual has given clear and unambiguous indication, either by statement or by another means, to agree to the processing of their personal data.

Seven steps to consent

Here are seven steps you can take to help ensure that your local Scout Group, District or County is gaining consent from your members in a way that is aligned with GDPR.

The name of your Scout Group, District, or County and the names of any third parties relying on the consent you’re obtaining must be made clear, along with the reasons why you need the data and what you’re planning to do with it.

Consent should be separate from other terms and conditions and should only be sought if someone has a genuinely free choice whether to opt in or out.

You must keep evidence of the consent you’ve obtained – the who, when, how and what you told people.

GDPR makes it very clear that you can no longer rely on silence, inactivity, pre-ticked boxes, opt-out boxes, default settings or blanket acceptance of your terms and conditions as evidence of consent. For it to be legitimate, individuals must have provided you with a very clear and specific confirmation of their consent.

GDPR strongly encourages using granular options to consent wherever appropriate. This means giving individuals different options so they can choose whether they want to consent to specific types of communication such as postal marketing, text or email.

You need to let people know that they have the right to withdraw their consent at any time and how they can do this. It must be as easy to withdraw consent as it was to give it, so you need to have simple and effective withdrawal mechanisms in place.

Local Scout Groups, Districts and Counties must obtain consent from a parent or carer to process the data of a young person.

Marketing

Advertising for new members could include events, email campaigns and canvassing. GDPR requires that you are clear who you are marketing to and that you are using lawful processing as grounds to contact them. This needs to be evidenced as either consent (they opted in), physical events/canvassing, or legitimate interest – your use of data must be necessary and should not override their interests or fundamental rights. This means it should be more positive for them than negative.

What is legitimate interest?

Communications about our programme, the rules and guidance, the events we hold and resources we use to run Scouting are a legitimate interest for all members of Scouting. They count as legitimate interest because, in some way, they support the individual in their Scouting role. Communications that provide offers, discounts, partnerships or promoted competitions are marketing and, therefore, require opt-in consent.

For more information about legitimate consent, please visit GDPR.

  • The consent you’re obtaining must be made clear, along with the reasons why you want the personal data and what you’re planning to do with it
  • Keep consent separate from other terms and conditions
  • Keep evidence of the consent you’ve obtained
  • Acquire ‘positive opt-in’ consent
  • The option to provide ‘granular’ consent should be available
  • Let people know that they have the right to withdraw their consent at any time, and how they can do this
  • If you offer a paid online service to children, you will need to obtain consent from a parent or carer to process the child’s data.

 

 

Download the PDF

The GDPR workbook is available to download and print.

Download the GDPR Workbook