The Information Commissioner’s Office (ICO), which regulates data protection in the UK, provides guidance as to the procedures in the event of a security breach which will be followed by The Scout Association.
This guidance should also be followed by Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries who, as part of their responsibilities for data protection awareness, should incorporate these into their general handling data of the personal data they are responsible for. More guidance on what do locally if there is a data breach can be found in the GDPR toolkit.
To ensure consistency, any actual or potential data breach concerning the use of Compass should be reported to The Scout Association UK Headquarters.
A Breach Notification Form (available for download by Executive Committees from the GDPR toolkit) should passed to The Scout Association via the following email address dpa.alert@scouts.org.uk.
NOTE – This email address is only for reporting a breach and there will be no remediation guidance as a direct result. The information will be used by The Scout Association to monitor any trends in breaches being reported and update the GDPR Toolkit with further guidance.