Introductory guide to data sharing
11 April 2017
Most organisations carry out some form of data sharing, whether it be data sharing between organisations within the group or with external third parties. However, if the data being shared by an organisation is “personal data”, additional steps need to be taken to ensure the sharing of such personal data is lawful.
This guide covers some of the relevant issues to consider before entering into any data sharing arrangement to help ensure your arrangement is compliant with the data protection legislation in the UK.
For the purpose of this guide, any references to data sharing shall be references to the sharing of personal data.
Prior to any data sharing, it is important to establish:
a) the identity of and relationship between the parties (including whether the personal data is being shared between two or more data controllers , or between a data controller and a data processor , or between a data processor and a sub-processor );
b) the type of personal data being shared;
c) the legal grounds for sharing such personal data; and where the relevant parties are based.
d) where the relevant parties are based.
This is because different rules apply depending on whether the parties are data controllers or data processors, where theparties are located and sectors in which the parties operate.
Please click 'download files' to read the full update.