Sharing personal data

It is likely that at some stage you will be required to with another organisation either because you are transferring or receiving it. Unauthorised disclosure can result in significant fines. This section will provide practical guidance about when you can with other organisations and what measures you must put in place when doing so, including when you will need a data sharing or , when you can outside the and the impact of Brexit on your data transfers.

The rules about sharing personal data

  1. 1.When can I share personal data?
  2. 2.Can I share someone's personal data if I am a data processor?
  3. 3.Can I share someone's personal data to fulfil an order they have placed?
  4. 4.What does a legitimate interest to share someone's personal data mean?
  5. 5.Can I share someone's personal data if I have a legitimate interest in doing so?
  6. 6.Can I share someone's personal data if I have their consent?
  7. 7.Can I share someone's personal data if the law requires me to?
  8. 8.Do I need to carry out a data protection impact assessment before I share personal data?

Sharing personal data outside the UK

  1. 9.What implications did Brexit have for sharing personal data outside the UK?
  2. 10.Can I share personal data outside the UK?
  3. 11.Can I share personal data outside the UK on a website?
  4. 12.Can I share anonymised personal data outside the UK?
  5. 13.Can I share personal data outside the UK to a company that is in the same group as mine?
  6. 14.What are the restrictions on transferring personal data outside the UK?
  7. 15.Can I share personal data with countries in the EEA?
  8. 16.How can I send personal data from the UK to the EEA?
  9. 17.How can I receive personal data from the EEA?
  10. 18.What does an EU Commission adequacy decision mean?
  11. 19.What are UK adequacy regulations?
  12. 20.What are appropriate safeguards that will allow me to make a transfer of personal data outside the UK?
  13. 21.What are UK Binding Corporate Rules?
  14. 22.What are Standard Contractual Clauses?
  15. 23.What are the exceptions to the restriction on the transfer of personal data outside the UK?
  16. 24.How did Brexit affect personal data transferred to me from an EEA country before the end of the transition period?

Key obligations when sharing personal data

  1. 25.What are my obligations when sharing personal data?
  2. 26.What does compatibility of data sharing when I share personal data mean?
  3. 27.What does only sharing necessary personal data mean?
  4. 28.Do I have to make sure the personal data I share is accurate?
  5. 29.How long can I keep the personal data that someone has shared with me for?
  6. 30.What security measures must I have in place when sharing personal data?
  7. 31.What systems and procedures will I need to put in place when sharing personal data?
  8. 32.What contractual safeguards will I need to put in place when sharing personal data?
  9. 33.What should my privacy policy say about sharing personal data?
  10. 34.How does Brexit affect what my privacy policy should say about sharing personal data?
  11. 35.What should my privacy policy say if the data I share comes from a third party?
  12. 36.Do I always need to provide privacy information if the data I share comes from a third party?
  13. 37.What is the Data Sharing Code of Practice?

Data processing agreements and data sharing agreements

  1. 38.What is a data processing agreement?
  2. 39.What is a data sub-processor?
  3. 40.Can I share personal data with a data sub-processor?
  4. 41.Do I need a contract to share personal data with a data sub-processor?
  5. 42.Can I share personal data with another data controller?
  6. 43.Do I need a contract to share personal data with another data controller?
  7. 44.What is a data sharing agreement?
  8. 45.What type of agreement do I need for data sharing within my group?
  9. 46.How does Brexit affect which authority I deal with when sharing personal data within the EEA?
  10. 47.What happens if another business that I have shared data with breaches its data protection obligations?
  11. 48.Am I liable as a data controller if data has been shared and there has been a data breach?
  12. 49.Am I liable as a data processor if data has been shared and there has been a data breach?
  13. 50.Who is responsible for responding to data subject requests when personal data has been shared?

Letter to party who has been supplied with data to confirm its correction

This template letter to a party who has been supplied with data to confirm its correction will allow you to produce a letter to be sent to anyone you have shared personal data with which you have subsequently had to correct or complete after a request from the individual whose data you have shared. If you have shared the personal data with any other people or organisations, you must take reasonable steps to attempt to inform them about the correction you have made. If you have shared the data widely, you will need to be satisfied you have done all you reasonably can to notify others of the correction. You do not have to make disproportionate efforts to do so, but you should at least take steps to contact other organisations you have shared the data with. This letter will help you to take those steps. You can also get this template letter as part of the Data subject request toolkit .
£10 + VAT

Letter to party who has been supplied data to confirm its deletion

This letter to a party who has been supplied data to confirm its deletion will allow you to produce a letter to be sent to anyone you have shared someone's personal data with, and you have subsequently had to delete that data after a request from the individual concerned. If you have shared the personal data with other individuals or businesses, you must take reasonable steps to tell them about the deletion request and that you have deleted the data as a result of it. If you have shared the data widely, you will need to be satisfied that you have done all you reasonably can to notify the others. You can also get this template letter as part of the Data subject request toolkit .
£10 + VAT
See all solutions