Page 1 of 2 12 LastLast
Results 1 to 15 of 30

Thread: gdpr - sigh and haha

  1. #1
    Senior Member big chris's Avatar
    Join Date
    Jan 2005
    Posts
    12,009
    Thanks
    1,707
    Thanked 3,164 Times in 1,343 Posts

    gdpr - sigh and haha

    i have been asked to look at gdpr for my new group.

    I do it for work and it is all pretty easy so i'm ok with that

    I went to compass to look at how they do gdpr privacy policy, sar etc. (all we did at work was copy best practice from similar larger, richer companies - so copying some of what TSA do makes sense)

    if you click on the link to the data protection info on compass, all you get is a link to the toolkit for groups and a sales pitch for Black Penny Consulting!

    no privacy policy, no cookie policy, no SAR info, no DPO contact details.

  2. The Following 3 Users Say Thank You to big chris For This Useful Post:

    Neil Williams (26-09-2018),PaulArthurs (26-09-2018),shiftypete (26-09-2018)

  3. #2
    Senior Member Mark's Avatar
    Join Date
    Apr 2003
    Location
    Ruislip Middlesex
    Posts
    763
    Thanks
    2
    Thanked 28 Times in 22 Posts
    I had the same 'challenge' - ended up googling and adapting / plagarising someone else's
    Mark
    You can contact Mark via www.4theastcotescouts.org.uk

  4. #3
    Senior Member big chris's Avatar
    Join Date
    Jan 2005
    Posts
    12,009
    Thanks
    1,707
    Thanked 3,164 Times in 1,343 Posts
    I eventually found the policy on scouts.org.uk and it is a weird mix of internal and external policies.

    Appallingly written

    Sent from my ONEPLUS A5010 using Tapatalk

  5. The Following 2 Users Say Thank You to big chris For This Useful Post:

    London Scouter (28-09-2018),scoutgamer (30-09-2018)

  6. #4
    Senior Member bernwood's Avatar
    Join Date
    Jan 2013
    Location
    Thame, Oxon
    Posts
    1,611
    Thanks
    223
    Thanked 307 Times in 204 Posts
    GDPR for my company, we have just started password protecting any files we send over the net to each other that has any sensitive material in it. People as usual are reading way too much complication into this.

  7. #5
    Senior Member
    Join Date
    Sep 2009
    Posts
    9,818
    Thanks
    2,567
    Thanked 1,908 Times in 1,206 Posts
    Quote Originally Posted by big chris View Post
    I eventually found the policy on scouts.org.uk and it is a weird mix of internal and external policies.

    Appallingly written
    I personally wouldn't touch Blackpenny with a barge pole given what they have produced.

  8. The Following 3 Users Say Thank You to Neil Williams For This Useful Post:

    big chris (27-09-2018),itchen (26-09-2018),shiftypete (27-09-2018)

  9. #6
    Senior Member
    Join Date
    Mar 2011
    Location
    East Anglia
    Posts
    117
    Thanks
    8
    Thanked 23 Times in 14 Posts
    As always, writing policies is easy. The challenge is putting them into practice.

    There was a lot to quibble about the Black Penny toolkit but it did at least provide a basis for having a sensible discussion about what was actually required for the group. Even having been GSL for eight years, I learned a great deal about what data was being held at section level, how it was being stored and used etc.

  10. #7
    Senior Member
    Join Date
    Sep 2009
    Posts
    9,818
    Thanks
    2,567
    Thanked 1,908 Times in 1,206 Posts
    Quote Originally Posted by garethhowell View Post
    As always, writing policies is easy. The challenge is putting them into practice.

    There was a lot to quibble about the Black Penny toolkit but it did at least provide a basis for having a sensible discussion about what was actually required for the group.
    It was a starting point, but it was grossly inadequate and unprofessional and should have been so much more had we gone to a properly professional outfit (expert legal practice in the area) instead of a tin-pot two-man startup like BP.

  11. #8
    Keith at 2M Keith at 2M's Avatar
    Join Date
    Jan 2007
    Posts
    906
    Thanks
    60
    Thanked 157 Times in 88 Posts
    Sorry to bring the subject up again but can someone please clarify

    1) What are we supposed to do with Leaders who don't complete the mandatory Training by 31st December?

    2) Do emails that copy in 20+ leaders breach GDPR - we have two schools of thought - one its effectively an internal email so is fine, OR the addresses are Private data and should not be shared. (Presumably its ok if the sender just uses the [email protected] addresses we're busy setting up). Personally, I read the training that it was a breach so just bcc everyone to keep it safe, but this does prevent the old Reply all responses that clog up our inboxes and/or create interesting debates
    The Roman Empire did not become great by holding meetings. It did so by killing everyone that opposed their point of view.

  12. #9
    Senior Member
    Join Date
    Mar 2014
    Location
    Leeds
    Posts
    320
    Thanks
    59
    Thanked 86 Times in 50 Posts
    Quote Originally Posted by Keith at 2M View Post
    Sorry to bring the subject up again but can someone please clarify

    1) What are we supposed to do with Leaders who don't complete the mandatory Training by 31st December?
    Dismal lack of guidance from HQ on this. As far as I know, there isn't anything you're supposed to do. However, for existing leaders it's basically Ongoing Learning, and Appointments Process 7 indicates that failing to keep Ongoing Learning up to date is possible grounds for cancellation/non-renewal of an appointment. This is something you can do rather than an obligation though.

    I suspect we'll get some more guidance on the 31st...

    Quote Originally Posted by Keith at 2M View Post
    2) Do emails that copy in 20+ leaders breach GDPR - we have two schools of thought - one its effectively an internal email so is fine, OR the addresses are Private data and should not be shared. (Presumably its ok if the sender just uses the [email protected] addresses we're busy setting up). Personally, I read the training that it was a breach so just bcc everyone to keep it safe, but this does prevent the old Reply all responses that clog up our inboxes and/or create interesting debates
    I think if all leaders already know each other or could have access to that information, then it's fine. Alternatively, is there a reason that they need to be able to reply-all or need to see the replies other people send? If leaders will only ever need to reply to the person sending the email and won't need to see any of the other replies, BCC seems more appropriate.

  13. #10
    Senior Member
    Join Date
    Nov 2010
    Posts
    3,726
    Thanks
    1,310
    Thanked 1,027 Times in 747 Posts
    1) Depends on how jobs-worthy people are up the line. (So no change with anything POR-related really...)

    2) We only BCC with parents. We've been CC'ing leaders for years. The only reasons I can think of to stop would be daft bureaucratic-nonsense, so we continue as we are.

  14. #11
    Senior Member
    Join Date
    Mar 2014
    Location
    Leeds
    Posts
    320
    Thanks
    59
    Thanked 86 Times in 50 Posts
    Quote Originally Posted by pa_broon74 View Post
    1) Depends on how jobs-worthy people are up the line. (So no change with anything POR-related really...)
    Call me a job's worth, but if we've set a deadline on something then there really does need to be some action if that deadline isn't met. This is the issue with setting deadlines in general with volunteers though - you need them more than they need you so any threat of action probably lacks teeth.

    Sent from my Pixel 2 using Tapatalk

  15. The Following 2 Users Say Thank You to Darren-M For This Useful Post:

    PaulArthurs (05-12-2018),pa_broon74 (05-12-2018)

  16. #12
    Senior Member Kastor's Avatar
    Join Date
    Aug 2005
    Posts
    3,381
    Thanks
    122
    Thanked 553 Times in 307 Posts
    Quote Originally Posted by Keith at 2M View Post
    1) What are we supposed to do with Leaders who don't complete the mandatory Training by 31st December?
    We've been told that anyone without a valid GDPR won't be able to do anything requiring a permit. So no camps or climbing etc.

    Yet another straw to add to the camel
    To get more kids we need more adults - are we getting the message yet?

  17. #13
    Senior Member
    Join Date
    Mar 2014
    Location
    Leeds
    Posts
    320
    Thanks
    59
    Thanked 86 Times in 50 Posts
    Quote Originally Posted by Kastor View Post
    We've been told that anyone without a valid GDPR won't be able to do anything requiring a permit. So no camps or climbing etc.

    Yet another straw to add to the camel
    This seems odd. There's an argument for suspension in general, and I guess the amount of data handled for a camp means there's an argument to suspend NAPs, but general AAPs seems odd.

    What's the sanction to normal leaders who don't hold permits? Can they bob along as normal?

    Sent from my Pixel 2 using Tapatalk

  18. #14
    Scout Leader (Bosun) Nick's Avatar
    Join Date
    Aug 2005
    Location
    Thatcham, Berkshire
    Posts
    793
    Thanks
    24
    Thanked 128 Times in 70 Posts
    I went to a Scouting meeting a few months back where I was told that unless I signed a piece of paper to say they could use my email address I couldn't receive the minutes of the meeting I had been at! GDPR is intended to stop the abuse of emails addresses not stop all emails, some time ago this was explained very clearly on the BBC by the Deputy Information Commissioner - if he doesn't give the correct advice then nobody will.
    Last edited by Nick; 05-12-2018 at 04:48 PM.

  19. The Following 2 Users Say Thank You to Nick For This Useful Post:

    big chris (06-12-2018),PaulArthurs (05-12-2018)

  20. #15
    Senior Member
    Join Date
    Nov 2010
    Posts
    3,726
    Thanks
    1,310
    Thanked 1,027 Times in 747 Posts
    Quote Originally Posted by Kastor View Post
    We've been told that anyone without a valid GDPR won't be able to do anything requiring a permit. So no camps or climbing etc.

    Yet another straw to add to the camel
    That sounds like a local rule to me. I've read here that leaders will getting their appointments cancelled... But I don't think that'll happen. TSA will quietly let it slide. If anything untoward occurs, they can say the had a deadline blah blah blah...

    - - - Updated - - -

    Quote Originally Posted by Nick View Post
    ...some time ago this was explained very clearly on the BBC by the Deputy Information Commissioner - if he doesn't give the correct advice then nobody will.
    Mmm...


Page 1 of 2 12 LastLast

Similar Threads

  1. Gdpr
    By abram_akela in forum Scouting Talk
    Replies: 178
    Last Post: 11-07-2018, 03:13 PM
  2. Dropbox and GDPR
    By oneiros in forum Scouting Talk
    Replies: 42
    Last Post: 01-06-2018, 01:19 PM
  3. [Answered] Sigh! Images - you know where !
    By Mallah in forum UK Chief Commissioner Questions (CLOSED)
    Replies: 2
    Last Post: 26-02-2013, 06:37 PM
  4. Still in the USA.... sigh
    By karenseascouts in forum Scouting Talk
    Replies: 7
    Last Post: 07-04-2009, 02:03 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •