Introduction
Contents
- Introduction
- Step 1: What do I need to know about data protection?
- Step 2: Who is responsible for what?
- Step 3: Appointing a Data Lead
- Step 4: Understanding data subjects' rights
- Step 5: Gathering data
- Step 6: Data discovery
- Step 7: Keep a record
- Step 8: Check your security
- Step 9: Third parties
- Step 10: Publish your privacy stance
- Step 11: Delete and destroy
- Step 12: Responding to a breach
Introduction
Data protection is a key responsibility for anybody that has access to the personal data of individuals.
This guidance material has been designed to help you understand the legislation applicable for data protection and provide tooling for alignment to the legislation.
Following feedback on the GDPR Toolkit, the Scouts UK Headquarters (UK HQ) have redesigned this guidance to be more step based with bite size materials that can be used in isolation. This includes the simplification of the previous GDPR Framework to line up with the new steps-based guidance.
During this guidance material, local Scout Groups, Districts and Counties/Areas/Regions (Scotland) will be collectively referred to as ‘Scout Units’.
There are 12 steps as part of this guidance. To keep track of your progress through the material you can use the GDPR Alignment Checklist. As you are working through these 12 steps you may identify risks in the way you are operating. The GDPR Risk Register can be used to assist in tracking these risks.
The 12 steps in this guidance are broken down as below:
Step 1: What do I need to know about GDPR – Introduction to GDPR and key terms to be aware of
Step 2: Who is responsible for what – Exploration of the roles within GDPR and what they mean
Step 3: Appointing a Data Lead – The benefits of a Data Lead
Step 4: Understanding data subjects’ rights – Exploring the rights of data subjects and how to respond to these rights
Step 5: Gathering data – Examples and tooling for the creation of best practice surveys and forms
Step 6: Data discovery – Exploring the data you have and how to look for it
Step 7: Keep a record – Recording the data you have and the processes you use to gather it
Step 8: Check your security – Looking at the ways you can secure data and keeping a record of the security in place
Step 9: Third parties – Discovering and recording the third parties you use
Step 10: Publish your privacy stance – Examples and tooling to help create privacy notices and statements
Step 11: Delete and destroy – Making sure you only keep data as long as you need it and how you should get rid of it
Step 12: Responding to a breach – Understanding what a breach is and how to deal with it
Useful resources