<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    sharing data under gdpr

    Companies share our personal data all the time. Consider the healthcare provider who passes the patient's medical history on to a consultant in readiness for an operation. Or, a finance company who shares data with a credit rating agency to establish creditworthiness.

    Of course, both situations may be legitimate but that's not always true, as these examples show:

    Therefore, it's always good practice to check first before sharing personal information with third parties.

    Follow these 5 steps to stay compliant when sharing data under GDPR:

    1. Consider legitimacy - why are you sharing data in the first place? What are you hoping to achieve? Is it justified? Is the data sharing proportionate? What and how much data will be shared? With whom?
    2. Weigh up the benefits versus the risks - What are the benefits and risks in sharing or not sharing the information? Remember, if there is a high risk to the rights and freedoms of data subjects, conduct a Data Protection or Privacy Impact Assessment.
    3. Ascertain whether you have the right to share information - for example, what type of organisation do you work for, what relevant powers or functions does it have, what is the nature of the information you're planning to share (eg is it confidential, especially sensitive, etc), and is there a legal obligation (such as a legal requirement, a court order, a safeguarding duty, etc).
    4. Develop sharing protocols and agreements - is there any sharing protocol or agreement currently in place with the third party? How frequently is information shared with them? What information will you give to data subjects about this? At what point and how will this be communicated? What specific measures (eg encryption) are in place to maintain security?
    5. Keep data up-to-date and accurate - how will you ensure that the data you have shared remains up-to-date and accurate? Who is responsible for doing this (the company doing the sharing or the recipient company)? What arrangements are in place if data subjects want to access it? How long should the data be retained by each party, and what processes are required to ensure it is deleted by all parties when it is no longer needed?

    Leave a comment

    Tick

    eBook: Essential Uncovered

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Request now

    9 ways to reduce the risk of bribery and corruption

    Corruption affects all countries, rich and poor. It causes instability, inequality, and poverty, eroding national wealth. Despite the UK Bribery Act coming into force in 2011 as one of the toughest ...

    Read More
    Highlights from the GDPR 2019 Summit

    Almost a year on from the implementation of the GDPR, Skillcast held a breakfast forum for its clients at South Place Hotel. During this session, Skillcast gave a breakdown of the new GDPR Library of ...

    Read More
    Compliance Essentials News - May 2019

    Here's a selection of the most informative compliance news stories this month - regulatory announcements, market studies, and stories about compliance lapses and downright disregard of ...

    Read More
    FCA Compliance News - May 2019

    Here's a selection of news stories from the last month that touch upon the people dimension of regulatory compliance. Select the links or scroll down for more details. 3 firms and 5 individuals are ...

    Read More