Introduction
As required by the UK Data Protection Act 2018 (DPA 2018), the UK’s data protection regulator the Information Commissioner’s Office (ICO) is currently updating its existing data sharing code of practice. As part of that process the ICO has opened a consultation for interested parties on the draft revised code that the ICO has prepared.
What is data sharing all about?
Organisations may choose to share personal data with others for various reasons, e.g. with a third party to be used for joint purposes or to pass personal data to a third party for it to use for its own purposes. Typically the arrangements for data sharing would be set out in an agreement between the parties in question. Any such arrangements must be in line with data protection requirements, including the EU General Data Protection Regulation (GDPR) and the DPA 2018. The existing ICO code provides guidance on ensuring that data sharing is compliant with the rules.
What has the ICO done?
According to the ICO, the revised code will address many aspects of the new legislation including transparency, lawful bases for processing, the new accountability principle and the requirement to record processing activities. Prior to revising the code, the ICO launched a call for views in August 2018; a summary of the responses can be found on the ICO’s website.
According to the ICO, the draft revised code “continues to provide practical guidance in relation to data sharing and promotes good practice in the sharing of personal data. It also seeks to allay common concerns around data sharing.” In addition to accounting for legislative changes, the revised code also deals with technical and other developments that have had an impact on data sharing since the publication of the previous code.
The revised draft code (a 105-page document) can be found here https://ico.org.uk/media/2615361/data-sharing-code-for-public-consultation.pdf and responses to the consultation must be submitted by Monday 9 September. The consultation consists of 16 questions – for more see here https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/ico-consultation-on-the-draft-data-sharing-code-of-practice/
Takeaways
If organisations have any data sharing arrangements in place they should consider revising them once the ICO’s data sharing code has been finalised and is in place.
For other articles that we have written about data protection compliance please see here: https://www.corderycompliance.com/category/data-protection-privacy/
For more information please contact André Bywater or Jonathan Armstrong who are commercial lawyers with Cordery in London where their focus is on compliance issues.
André Bywater
Office: +44 (0)207 075 1785
andre.bywater@corderycompliance.com
Office: +44 (0)207 075 1784
jonathan.armstrong@corderycompliance.com