| Link(s): https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/12/ico-publishes-new-data-sharing-code-of-practice/ |
Context
The ICO has issued its data sharing code of practice providing practical advice to businesses and organisations on how to carry out responsible data sharing https://ico.org.uk/for-organisations/data-sharing-a-code-of-practice/
Key points to note
- The code provides practical guidance on how to share personal data in compliance with data protection law
- The code should be used to assess how data is shared and to review and, if required, update data sharing agreements
- The code is mainly aimed at organisations that are data controllers sharing personal data
- The code does not impose any additional barriers to data sharing but will assist firms in complying with the GDPR and Data Protection Act 2018 (DPA)
- When considering sharing data, the ICO recommends:
- Carrying out a data protection impact assessment
- Having a data sharing agreement in place as good practice
- The ICO also reminds firms to follow the key principles in data protection legislation:
- Demonstrate accountability and compliance with the regulations
- Share data fairly and transparently
- Identify at least one lawful basis for sharing data
- Process personal data securely with the appropriate technical and organisational measures in place
- The ICO has provided a data sharing checklist for use https://ico.org.uk/for-organisations/data-sharing-a-code-of-practice/annex-a-data-sharing-checklist/
- The ICO will take the code into account when considering the questions of fairness, lawfulness, transparency, and accountability under the GDPR and DPA in the use of its enforcement powers
- The ICO advises that non-compliance with the code may make it more difficult to demonstrate that data sharing is fair, lawful, accountable and complies with the law