
GDPR Top Tips

GDPR Top Tips – dos and don’ts

Today’s trainer: Insert your name here!


GDPR – Top tips


1. Use official Girlguiding forms and add data to the
membership system (GO) as soon as you can.
2. Always keep member information up to date.
3. Only use personal data to support guiding activities.
4. Only download or print personal information when
absolutely necessary, using the minimum amount of
information required.
5. Destroy/delete personal data as soon as you have finished
with it.
6. Keep downloaded data on a device that is password
protected.


GDPR – Top tips


7. Keep printed information in a secure place.
8. Don’t share personal data unless you have consent.
9. Follow Girlguiding’s rules for keeping and sharing data
safely.
10. If you lose any personal data or share it by mistake, report
it to Girlguiding HQ straight away.

For more guidance, see the GDPR webpages at www.girlguiding.org.uk

For help, or to report lost data, call Data Protection
on 020 7834 6242 extension 3060.


GDPR top tips – Collecting and sharing data via email
• Always explain who you are and why you’re collecting the
information.
• Collect and record only what you need for your purpose.
• Make sure the information is accurate.
• Keep personal information in a secure place.
• Where possible, transfer the information into GO as soon as
you can.


GDPR top tips – Collecting and sharing data via email
• GO information should be sent via an encrypted zip file using
AES-256 encryption.
• Never use a shared email account to collect data.
• If sending email messages that include fundraising or
marketing content, ensure you have opt-in consent to do this.
• If sending emails, use the BCC field so individual email
addresses are not shared.


GDPR top tips – Collecting and sharing data via phone
• Find a private place to talk.
• Explain who you are and why you’re collecting data.
• Only ask for, and record, data you need.
• Make sure information is accurate.
• Keep personal information securely.
• Transfer data into GO as soon as you can.
• Securely destroy data once in GO.


GDPR top tips – Collecting and sharing data via forms
• Always use up-to-date official Girlguiding forms.
• Keep completed forms securely.
• Transfer information into GO as soon as
you can.
• When the form is no longer needed, destroy it securely.
• Copies of official forms and further guidance are on the
Girlguiding website.


GDPR top tips – Printing and downloading data
• Don’t include more personal data than needed.
• Keep printouts and electronic devices in a secure place.
• Password protect electronic devices.
• Encrypt electronic documents containing personal data.
• Avoid downloading data onto shared/work PCs or public
PCs (in a library, say).
• Delete/destroy information once no longer needed.
• Don’t use old lists, which may be out of date.


GDPR top tips – Collecting and sharing data via post
• When sending personal data, don’t use the ordinary post,
use ‘signed for’ delivery.
• If you need to send special category data (for example
health information) or personal data for more than ten
people, use a ‘tracked and signed for’ service.
• If sending special category or personal data for 100+
people, contact the Data Protection team to discuss.


GDPR top tips – Using multi-media data (video/photo/audio)
• Don’t photograph or video anyone who has not given
permission (consent).
• Only use content collected for the purpose you stated when
gathering consent.
• Record where you have used photos, so if someone retracts
their consent you can easily delete them.
• Delete photos/video/audio and any back-ups when you’ve
finished with them.


GDPR top tips – Using social media


• Ensure consent is in place before posting on social media.
• Don’t accidentally share data with others.
• Remove members who have left groups.
• Ensure groups are ‘interest/closed’ and not public.
• Delete the data as soon as you can, or when
out of date.
• Ensure social media platforms have more than one
administrator.
• Contact members under 14 via their parents/carers.


GDPR top tips – Stop and think before sharing

Data protection legislation doesn’t mean you can’t share personal data, but you have to
do it in the right way.

GDPR top tips – Retention of data

• Keep data only for as long as it is needed.
• Be aware of the set retention times for data in
Girlguiding.
• Ensure data is securely and comprehensively
destroyed.


GDPR top tips – Data breaches


• Work to minimise the chance of breaches happening.
• Identify a breach and report it as soon as possible. (It must
be within 48 hours.)

Contact the Data Protection team at Girlguiding HQ
dataprotection@girlguiding.org.uk
020 7834 6242, extension 3060

• If you’re unsure if something is a breach – report it.


GDPR top tips – Safeguarding


When submitting notes on a disclosure:

• Scan notes, password protect and email
safeguarding@girlguiding.org.uk
or
• Copy and securely post to Girlguiding HQ
(with notification form).
• When HQ confirms receipt, securely destroy your copies.


GDPR top tips – Safeguarding


• If in doubt, don’t give out personal information.
• You have a duty to share personal data when it is in the
public interest or for the purposes of detecting or
preventing a crime.
• Know what to do if you are stepping down from a role in
terms of handing over information.


GDPR top tips – Events/trips


• Health and consent forms to be securely destroyed.
• If an accident has occurred, make a copy of their
accident/incident form and health form and send the
originals to Girlguiding HQ.
• Securely destroy the copy once Girlguiding HQ has
confirmed receipt of the form.
• Ensure no data remains at venue or in transit.
• Securely destroy all other personal data not needed after
an event.


GDPR top tips – 1st Response


• If an accident has occurred, send their accident/incident
form, information and consent event/activity form, the
health form and risk assessment to Girlguiding HQ.
• Once sent to Girlguiding HQ, you do not need to keep
copies locally at the unit.
• If a first aider from an external agency is supplying first
aid, it is OK to share the injured individual’s personal
health details.


GDPR top tips – For commissioners


1. Commissioners are vital for getting these important
messages to units.
2. Commissioners are likely to be seen as a key person to
go to for initial advice.
3. Commissioners may be asked to follow up on a query or
a request that has been sent to a unit.
4. Commissioners may need to help a unit make changes to
their internal processes to keep data safe.


If in doubt…

Contact the Data Protection team at Girlguiding HQ
dataprotection@girlguiding.org.uk
020 7834 6242, extension 3060
