The Scout Association, local Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries as separate charities/organisations, are each Data Controllers under the Data Protection Act and General Data Protection Regulations (GDPR). Each is responsible for the personal data it handles. Scout Group, District, County/Area/Region (Scotland) and Country Executive Committees, as the Charity Trustees, are responsible for ensuring that proper systems are in place locally for their relevant Group, District, County/Area/Region (Scotland) or Country and that any personal data is collected, managed, shared, kept and generally handled locally in compliance with the Data Protection Act and GDPR.
The same applies to The Scout Association’s Board of Trustees who, as Charity Trustees, are responsible for ensuring that proper systems are in place for The Scout Association. Local Scouting must comply with the Data Protection Act and GDPR when using The Scout Association’s Membership System ‘Compass’. Please see Chapter 2 of Policy, Organisation & Rules.