Data Protection Policy
page as a PDF
Girlguiding’s policies and related statements
provide a structure in which guiding can take place safely,
consistently and in accordance with legislation. Policies
must be followed by Girlguiding’s members and by
recognised volunteers involved in delivering or supporting guiding.
These policy statements are supported by further information and
resources to ensure that our members put the policies into
Girlguiding conforms to the
requirements of the Data Protection Act 1998 when storing personal
data on its membership systems. It is the policy of Girlguiding
that all personal information will be used for guiding purposes and
only passed outside the organisation with consent from
copy of the Girlguiding Data Protection Policy can be found
Any breach of this policy
will result in withdrawal of membership and could
lead to criminal prosecution under the Data Protection Act
guidance for websites, property and paid staff can be found
Principles of Data
There are eight key principles to Data
First Principle: Personal data must be
processed fairly and lawfully.
This means that an individual whose personal
data is collected has given their consent, and understands it will
be kept and used in guiding. In guiding, consent must be given
electronically via Join Us enquiries or a signature from a parent
on the Starting form or Starting report. Those responsible for
the management of data at any level must use the systems provided
- Enquiries – Join Us
- Membership – Go!
- Recruitment – Recruitment site
- Subscription – Subscription site
- Purchasing - Girlguiding online shop
information about these systems can be found here.
Principle: Data should be obtained only for one or more
stated and lawful purposes and must not be processed in any way
incompatible with those purposes.
This means that the information collected from
potential members and members should only be collected and used for
the purposes of the delivery of good and safe guiding.
Principle: Data must be adequate, relevant and not
excessive in relation to the purposes for which they are
This means that only the information needed to
ensure members of all ages feel safe and supported can be kept.
This information should be objective and not subjective.
Principle: Data should be accurate
and, where necessary, up to date.
This means the Unit Leaders must check
regularly with parents or the young member themselves (if they are
over 14 years of age) that the data is correct and up to
date. This is achieved by running the individual details
report for each member or Go! sharing it with the parent or young
person and asking them to confirm the information is up to date.
Once confirmation is received then the paper document should be
destroyed by shredding or burning.
Principle: Data shall not be kept
for longer than is necessary for the purposes for which it is
This means that personal data such as
emergency contact reports, permission forms etc. should be
destroyed immediately after the event they needed for. The only
exception is health forms where some form of intervention has been
needed in which case the form should be retained securely for 3
years and then destroyed by shredding or burning.
Data must be
processed in accordance with the rights of data
This means that members, or the parents of
members, have the right to request any information held on them by
Girlguiding. This includes system records, emails, SMS text
scripts, voice recording or any form a data that can be linked back
to the individual. They can request this information either
directly from Girlguiding using the SAR Request form that can be
found below or via the Information Commissioners Office (ICO) be
submitting a Subject Access Request. All requests should be sent to
the Data Controller for reply.
Principle: The data controller must take appropriate security
This means that Girlguiding ensures that the
security of the Membership Systems meets industry standard and
regularly tests to ensure they are safe from external
Principle: Data must not be transferred to a country or territory
outside the European Economic Area (“EEA”) unless there are
adequate levels of protection for the rights and freedoms of data
subjects in relation to the processing of data.
This means you cannot transfer any data
outside of the EEA without the approval of the Girlguiding Data
Controller has been obtained. This would usually be for the
purposes of sharing information with other members of the World
Association of Girl Guides and Girl Scouts.
Protection Policy Appendices
Page last updated: 1/15/2016