Data Protection

Girlguiding Surrey East Data Protection Policies

 Girlguiding Surrey East takes seriously its responsibilities under data protection law. To ensure as a charity we comply with data protection legislation in the UK, we have a number of policies and procedures. As we are part of Girlguiding, we have chosen to adopt their policies and procedures, and amended them where this appropriate. Details are given below.

Policy 1 – Managing information policy

 Girlguiding Surrey East adopts in full Girlguiding’s Managing Information Policy for all county-held data. This is because as Girlguiding members we are already required to follow it. The policy can be found here: https://www.girlguiding.org.uk/making-guiding-happen/policies/girlguiding-policies/managing-information-policy/

Policy 2 – Handling personal data policy

Girlguiding Surrey East County Appointment Holders and the County Administrator do sometimes have a legitimate reason for collecting data outside of Girlguiding’s collection forms. This policy sets out the reasons when this may be appropriate, and the steps county appointment holders and the county administrator must take to remain within the law.

The Girlguiding Surrey East policy can be found here:  Handling Personal Data

Procedure 3 – Data breach procedure

Girlguiding Surrey East will follow Girlguiding’s data breach procedure, which can be found here: https://www.girlguiding.org.uk/making-guiding-happen/policies/girlguiding-policies/reporting-a-data-breach-procedure/ with an additional requirement to inform the County Commissioner when reporting a data breach.

Procedure 4 – Managing a data breach procedure

In the event of a data breach concerning county-level data, Girlguiding Surrey East will cooperate fully with Girlguiding HQ who will lead on managing the situation.

The Girlguiding Surrey East policy can be found here: Managing a Data Breach