With regard to personal data stored on Compass, The Scout Association is a Data Controller in Common with Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries. Data Controller’s in Common may each use and access a shared database but each remains responsible for the personal data within its own control and capacity. Accordingly, local Scout Groups, Districts, Counties/Areas/Regions (Scotland) or Countries remain responsible for ensuring that their handling of personal data locally is in compliance with the Data Protection Act and the General Data Protection Regulations (GDPR) and POR (which includes uploading and maintaining such data onto Compass) and The Scout Association remains responsible for ensuring that its handling of personal data nationally is also in compliance with the Data Protection Act, GDPR and POR (including its particular responsibilities for data held on Compass – see Chapter 2).
Whilst the general data protection responsibilities of both parties towards the data it handles are similar in nature, there are differences according to the level of control each has over the data e.g. whilst The Scout Association will not be responsible for how personal data is handled locally, likewise, local Scout Groups, Districts, Counties/Areas/Regions (Scotland) or Countries will not be responsible for the technical or security aspects of Compass which are not within their control.