The Information Commissioner’s Office (ICO) is in the final stages of a new data-sharing code of practice.
The code will be a “practical guide for organisations” about how to share personal data “in compliance with data protection legislation.”
It explains the law and provides good practice recommendations, and the ICO said that the code “will be statutory” once laid before Parliament.
Following it, along with other ICO guidance, will help organisations to manage risks; meet high standards; clarify any misconceptions an organisation may have about data sharing, and give them the confidence to share data appropriately and correctly.
This code covers the sharing of personal data between organisations which are controllers. It includes when you give access to data to a third party, by whatever means.
Data sharing can take place in a routine, scheduled way or on a one-off basis. When needed, data can be shared in an urgent or emergency situation.
The new code of practice will explain and advise on changes to data protection legislation where these changes are relevant to data sharing as well as addressing many aspects of the new legislation including transparency, lawful bases for processing, the new accountability principle and the requirement to record processing activities.
Before drafting the code, Information Commissioner Elizabeth Denham launched a call for views in August 2018, seeking input from people and various organisations such as trade associations and those representing the interests of individuals. This was followed by a public consultation in 2019. The ICO says it will publish the responses together with a summary when the code is finalised.
- HMRC reported 11 data breaches to the ICO in 2019/2020
- Sponsored | New Veeam backup launched for Microsoft Office 365
- Leader Insights | The great privacy debate with Sorcha Lorimer, Founder of Trace
The ICO’s data-sharing code comes off the back of its other recent announcement of a new Children’s Code to help protect children online.
As part of the Age Appropriate Design Code, organisations that provide online services and products likely to be accessed by children up to age 18, will be given one year to make the necessary changes to put children’s privacy at the heart of their design.