Eve Lakin (pictured), from Cheshire’s Poole Alcock Solicitors, explains the new Data Sharing Code proposed by the ICO, what it means for businesses and how to prepare for its implementation.
Late in 2020 the Information Commissioner’s Office (ICO) put before the Secretary of State the new Data Sharing Code. As yet, we do not have an implementation date for the new Code.
Nonetheless, it is certainly worth working towards compliance sooner rather than later as the Code provides useful clarification on your existing data protection obligations.
The Code applies to any business (including sole traders) that transfers personal data to another entity also acting as a data controller (i.e. joint controllers or independent controllers). It covers one-off as well as on-going transfers of data.
The aim of the Code is to give practical guidance to ensure that personal data is shared fairly, transparently and safely. It does not introduce any new barriers to data sharing but rather provides guidance on how to share data compliantly. When it is in force, the code will be taken into account when deciding if you have complied with your data protection obligations.
So what should you do to get ready for the Code?
- Consider how data is being shared by your organisation.
- Document your lawful basis for your processing (including data sharing) and make sure it appears in your privacy notice.
- Consider carrying out a Data Protection Impact Assessment for higher risk data sharing (for example sharing health data).
- Make sure you have appropriate technical and organisational measures to transfer data safely.
- Consider implementing data sharing agreements before transferring data.
If you need advice on the new Code or data protection more generally please contact Eve Lakin via email or on 01270 619689.