Scouting Ireland Data Protection

Scouting Ireland, Data Protection and GDPR

The General Data Protection Regulation (GDPR) legislation has brought some significant changes to the data protection system in Ireland, and this will have an impact on how Scouting Ireland, at all levels, engages with its members. It is important that every Scout Group, and every member, is aware of how these changes in the law affect the ways in which members’ personal information can be collected and used for scouting purposes.

 

What is Data Protection?

 

• Data Protection legislation is intended to protect the rights to privacy of individuals (all of us) and seeks to ensure that Personal Information is used appropriately by any third party that have it (i.e. Data Controllers).

• In essence, Data Protection relates to any information that can be used to identify a living person such as Name, Date of Birth, Address, Phone Number, Email address, Membership Number, IP Address, photographs etc. These are all protected by the law.

• There are other categories of information which currently are defined as Sensitive Personal Data which require more stringent measures of protection and these categories include religion, ethnicity, sexual orientation, trade union membership, medical information etc.

 

What is GDPR?

• The GDPR is new EU legislation that comes into effect on May 25th, 2018.

• It very clearly sets out the ways in which the privacy rights of every EU citizen must be protected and the ways in which a person’s Personal Data can and cannot be used.  It places the onus on the person or entity that collects a person’s information (Data Controller) to comply with the legislation and to demonstrate compliance

Data Protection is summarised in the following 6 principles (Article 5.1).

Personal data must be:

(a)  processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”)

(b)  collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”)

(c)  adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”)

(d)  accurate and, where necessary, kept up to date (“accuracy”)

(e)  kept for no longer than is necessary ("storage limitation”)

(f)  processed in a manner that ensures appropriate safety and security of the personal data (“integrity and confidentiality”)

What does Data Protection Legislation mean for me?

• The legislation sets out rules about how this information (personal Information) can be obtained, how it can be used and how it is stored.

• Every person must give their consent for their data to be collected and processed for a specific purpose which must be communicated to them at the time the data is obtained.

• They must specifically Opt-In and must be allowed to Opt-Out at any time. They must also be given the opportunity to review the consent they have given on a regular basis (i.e. Yearly)

• Data must be kept safe and secure and must be kept accurate and up to date

• An Individual can request a copy of all of the personal data held about them (this is called a Subject Access Request) and must be allowed to have all of their data deleted or returned to them if they so wish.