Appoint a Data Protection Lead
It’s a great idea to appoint a member of your Group Executive Committee to lead on ensuring that GDPR is understood in your Scout Group and that good practice is understood and carried out.
The role of the Data Protection Lead is to:
- inform and advise the adults in your Scout Group about their obligations to comply with the GDPR and other data protection laws
- monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments and ensure that an information audits is carried out
- be the first point of contact for data enquires and individuals whose data is processed, these include:
– Breach Impact Assessments
– Data Subject Access Requests
– Breach Responses, internally, externally (data subjects) and the ICO.
Your Data Protection Lead must be independent – this means that they do not process data on behalf of your Scout Group. But they can be an existing member of your Group or can be externally appointed. In some cases, it might be a good idea to have the same Data Protection Lead for a number of Scout Groups in your area.