On July 16, 2019, the UK Data Protection Authority, the Information Commissioner's Office (ICO), opened a consultation on a data sharing code of practice. The consultation closes on September 9, 2019.
The data sharing code is a practical guide for controllers sharing personal data. It gives guidance on the applicable law and provides good practice recommendations.
It includes practical tips on data sharing agreements, which help set out the purpose of the data sharing, cover what is to happen to the data at each stage, and demonstrate accountability under the General Data Protection Regulation (GDPR). Controllers should also have policies and procedures that allow data subjects to exercise their individual rights.
The code explains how the GDPR data protection principles apply to data sharing practices. In particular, it gives guidance on the accountability principle, the fairness and transparency principle, and the use of lawful bases for sharing personal data.
The draft code helps controllers to keep in mind some security considerations when sharing data.
The code also highlights how the ICO has several powers – and a duty – to take action for a breach of the GDPR or the Data Protection Act 2018 (DPA). The ICO may use assessment notices, warnings, reprimands, enforcement notices and penalty notices (administrative fines). For serious breaches of the data protection principles, the ICO may issue fines of up to €20 million or 4% of the organization’s annual worldwide turnover, whichever is higher.
The code has several annexes, which include useful case studies.
More information on the ICO’s consultation on the draft data sharing code of practice is available at https://ico.org.uk…