The ICO Data Sharing Code Example
The ICO’s Data Sharing Code of Practice was enacted on 5 October 2021. It was laid before Parliament on 18 May 2021 and issued on 14 September 2021 under the DPA (Data Protection Act) 2018.
Its goal is to enable responsible data sharing by setting up best practices.
How can you achieve responsible data sharing? What should be in the contract? When do you need a contract? The ICO Data Sharing Code example answers these questions.
Responsibilities When Sharing Data
Data sharing means sending data, receiving data, or both. So, it can lead to many economic and social benefits, including more significant growth, technological innovations, and the delivery of more efficient and targeted services.
Information Commissioner Elizabeth Denham said the COVID-19 pandemic brought the need for fair, transparent, and secure data sharing into an even sharper focus.
I have seen first-hand how sharing data between organizations has been crucial to supporting and protecting people during the response to the COVID-19 pandemic.”
What should be in a data sharing agreement?
Most organizations transfer data, whether between entities within the group or with external third parties.
However, if the data being shared by an organization is “personal data”, additional steps need to be taken to ensure the sharing of such personal data is lawful.
These agreements identify the parameters which govern the collection, transmission, storage, security, analysis, re-use, archiving, and destruction of data.
According to the ICO, a data transfer agreement should include details about:
- the parties’ roles
- the purpose of the data sharing
- what is going to happen to the data at each stage
The ICO Data Sharing Code
The new ICO’s Data Sharing Code replaces the previous code from 2011, published in relation to the Data Protection Act 1998.
The new Code primarily addresses data sharing by controllers and guidance on sharing personal data fairly, lawfully and in compliance with the accountability principle.
Information Commissioner Elizabeth Denham said:
“We have written this Data Sharing Code to give individuals, businesses and organizations the confidence to share data in a fair, safe and transparent way in this changing landscape.
This code will guide practitioners through the practical steps they need to share data while protecting people’s privacy.
We hope to dispel many of the misunderstandings about data sharing along the way.”
The regulator will also increase its engagement with organizations to help them understand the code and promote its benefits.
Advice on Data Sharing
Before sharing data, it is essential to establish:
- the identity of and the relationship between the parties
- the type of personal data being shared
- the legal grounds for sharing such personal data
- where the relevant parties are based.
Furthermore, organizations need to ensure that any data transfers are properly documented, including in the Register of Processing Activities.
Unlawful data sharing can have enormous consequences and fines.
It could lead to bad publicity and have adverse impacts on brand value, consumer confidence and business profit.
TrustArc can help you ensure your data sharing arrangement is compliant with the data protection legislation in the UK or the country your organization is based.