General Data Protection Regulations

Introduction

GDPR is a set of regulations governing the collection, storage, processing and disposal of personal data. Companies and organisations should be GDPR compliant by 25th May 2018.

This document outlines how this affects your local Scouting website and may change over time as the regulations matures.




Scout Association Resources

Each Scout Group, District, Region or County, needs to have their own GDPR Policy and Procedures. Your Executive Committee is responsible for your GDPR compliance. Here is some useful resource provided by the Scout Association:




GDPR Consent to Store and Process Personal Details

You need consent from individuals to hold and use their personal details. There are some key changes to how this has been done historically, as below:

  • Out-In: Individuals must opt-in to give consent for their details to be stored and processed, rather than just not opting out. The tick box can't be pre-ticked and it can't be mandatory to tick it.
  • Double opt-in: Individuals should be asked for their consent twice, to ensure that they have fully understood what they're giving consent for.
  • Privacy Policy: Individuals need to understand what they're opting in to. The policy needs to have some specific information which includes how you collect, store, use, update and delete personal data. It also includes their right to access their information.



Changes to Your Website

A number of tools have been added to your Scouts Online website to assist you with GDPR. These are outlined below:

1) Contact Forms:

  • A new Opt-In setting has been added to the Contact Form control. When set, the form will show a tick box and configurable text will be shown at the bottom of the form, similar to this:
    GDPR Tick box and Policy text link
    To change the default text, login as a Site Admin user, move to a contact form and edit the text in the usual way.
  • The standard agreement tick box and text, which is mandatory when shown, has been vertically aligned with new GDPR consent field.
  • Both tick boxes are shown in orange when un-ticked to encourage visitors to tick them.
  • Another setting has also been added for Double Opt-In. If set, the “Confirm Your Details” page is shown after the form is submitted.
  • Where your website uses the default settings for any contact forms, the GDPR Consent tick box will be shown. The double opt-in setting will not be shown at the moment though, as it's too early to see whether this will be widely adopted by other companies. You can override these settings in the normal way.

2) Privacy Policy:

  • A new page has been added to show your Privacy Policy.
  • Scouts Online cannot offer legal assistance or advice, but the page has been setup with some generic sample policy text as a default. This is supplied without any legal assurance.
    We expect this default policy will be updated as time goes on. If you have any suggestions/updates/grammar changes/etc., please contact us.
  • We strongly recommend that you edit this privacy policy to match your own requirements and procedures.
  • This page is linked in the GDPR consent tick box text. It should therefore contain everything that you want website visitors to sign-up to.
  • You can navigate to the Privacy Policy page using www.YourDomainName /Management /PrivacyPolicy.aspx

3) Double Opt-In / Confirm Your Details:

  • This new page allows you to cover your double opt-in requirement and assist with the data quality aspect of GDPR. GDPR Confirmation
  • This page is shown after a contact form is submitted (if the form is setup for GDPR Double Opt-In) and will be pre-filled with the details from the initial form.
  • You could also link this page into an email to parents and others to confirm their basic contact details and re-affirm GDPR consent. You can navigate to the Privacy Policy page using www.YourDomainName /Management/ ConfirmYourDetails.aspx.
  • The details will be sent to your default form recipient or whoever is set to receive the initial contact form.

4) OSM Application Form Integration

For group websites with OSM application form integration switched on, you may now choose to reduce the personal details sent via email. Just un-tick the “Send Detailed Email Too?” field in Admin/Group Details/OSM Integration Settings to receive a notification email, instead of full details.




Scouts Online's Compliance

Scouts Online has spent a number of months updating processes, procedures and documentation in preparation for GDPR. A summary of GDPR information is included in the following pages:

  • Privacy Policy: A Privacy Policy has been added to the Scouts Online marketing website HERE.
    The policy describing the data stored and processed by Scouts Online relating to customers and prospective customers.
  • Terms and Conditions: These have been updated to include an outline of GDPR policy HERE.

The Scout Association has created a Third-Party Processors compliance checklist, linked HERE. Scouts Online have completed this form and we can send you a copy on request.