Skip to main content

Volunteering at Scouts is changing to help us reach more young people

Volunteering is changing to help us reach more young people

Volunteering is changing at Scouts. Read more

Discover what this means

Welcome and Personal Data

Welcome and Personal Data


The EU’s General Data Protection Regulation (GDPR) is in force from 25 May 2018. Not being aligned with GDPR could result in serious penalties and damage to the finances and reputation of Scouting. This training will provide you with an understanding of what GDPR means for you and your Scout Group, District and County.
Note: In some parts of the UK, Scout Counties are known as Areas or Regions. For ease of reading, this e-learning module simply refers to Counties.

Personal Data

Discover the key principles to the General Data Protection Regulations (GDPR) and what ‘personal data’ means within Scouting. (6 mins)

The new GDPR legislation has a very broad definition of ‘personal data’ so you could be processing more data than you think. In this section, you’ll find out about the guidelines that Scout Groups, Districts and Counties need to follow when it comes to controlling and processing people’s personal data.

There are some key terms at the heart of GDPR that help bring the purpose and impact of the legislation into focus.

GDPR takes a very wide view of what personal data means, defining it as “any information relating to an identified or identifiable natural person.”

This means that organisations now need to provide the same level of protection for digital information, such as data stored through websites, as they do for data such as names, addresses and contact details.

A data subject is the individual whom particular personal data is about. In Scouting this would include young people, parents/carers and adult volunteers. Deceased individuals or those who cannot be identified or distinguished from other individuals do not count as data subjects.

A data controller decides how personal data will be used, and often processes this information. A data processor, on the other hand, processes personal data on behalf of a controller under specific written instructions.

A Scout Group, District or County is a data controller, with the responsibility resting with the relevant Executive Committee to ensure alignment with GDPR is maintained. Another organisation or individual instructed to process (rather than just collect) data by a Scout Group, District or County is a data processor.

The Information Commissioner’s Office (ICO) guides, advises and educates organisations on how to align with GDPR. It also has the power to issue penalties and fines for non-alignment. The Scout Association is registered with the ICO.

Download the PDF

The GDPR workbook is available download and print.

Download the GDPR Workbook