<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    5 Steps to Stay GDPR Compliant When Sharing Data

    Published on 29 Dec 2017 by Lynne Callister

    The sharing of personal data by businesses and organisations within Europe is subject to the GDPR. For any organisations sharing personal data with another organisation, they need to be thinking about the regulatory implications.

    Consider the healthcare provider who passes the patient's medical history onto a consultant in readiness for an operation. Or, a finance company who shares data with a credit rating agency to establish creditworthiness. GDPR requires that they need permission from the individual first to share that data.

    Now that the initial buzz of GDPR has faded, we thought it would be time for a refresher on how to stay compliant when sharing data under GDPR.

    5 steps to stay compliant when sharing data under GDPR

    1. Consider legitimacy - why are you sharing data in the first place? What are you hoping to achieve? Is it justified? Is the data sharing proportionate? What and how much data will be shared? With whom?
    2. Weigh up the benefits versus the risks - What are the benefits and risks in sharing or not sharing the information? Remember, if there is a high risk to the rights and freedoms of data subjects, conduct a Data Protection or Privacy Impact Assessment.
    3. Ascertain whether you have the right to share information - for example, what type of organisation do you work for, what relevant powers or functions does it have, what is the nature of the information you're planning to share (e.g. is it confidential, especially sensitive, etc), and is there a legal obligation (such as a legal requirement, a court order, a safeguarding duty, etc).
    4. Develop sharing protocols and agreements - is there any sharing protocol or agreement currently in place with the third party? How frequently is information shared with them? What information will you give to data subjects about this? At what point and how will this be communicated? What specific measures (e.g. encryption) are in place to maintain security?
    5. Keep data up-to-date and accurate - how will you ensure that the data you have shared remains up-to-date and accurate? Who is responsible for doing this (the company doing the sharing or the recipient company)? What arrangements are in place if data subjects want to access it? How long should the data be retained by each party, and what processes are required to ensure it is deleted by all parties when it is no longer needed?

    Free GDPR Self Assessment Questionnaire

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    eBook: Essential Uncovered

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Request now

    What are the Best Workplace Learning Theories?

    Learning theories have been developing for decades, each has their own merits. We look at six of the most well established theories to explain how you can use them to improve outcomes. When designing ...

    Read More
    Biggest GDPR Fines of 2019

    Penalties for breaching the GDPR can reach up to €20 million or 4% of annual global turnover, whichever is highest. We examine the size and reasons for the biggest GDPR fines of 2019. Ever since ...

    Read More
    Highest FCA Fines of 2019

    The FCA issued a record total of £392 million in fines in 2019. In fact, the two largest fines in 2019 were larger than the 2018 totals. We've analysed they key corporate and individual fines in ...

    Read More
    Why a Blended Approach Drives Engagement & Learning Outcomes

    It is critical that you provide training that engages your learners, but should that be face-to-face, e-learning, mentoring or something else? We explain how to blend for success... Whilst compliance ...

    Read More