You arrange and regularly review appropriate data sharing agreements with parties with whom you routinely share personal data.
Ways to meet our expectations:
- You agree data sharing agreements with all the relevant parties and senior management sign them off.
- The data sharing agreement includes details about:
- the parties' roles;
- the purpose of the data sharing;
- what is going to happen to the data at each stage; and
- the standards set (with a high privacy default for children).
- Where necessary, procedures and guidance covering each organisation’s day-to-day operations support the agreements..
- If your organisation is acting as a joint controller (within the meaning of Article 26 of the UK GDPR), you set out responsibilities under an arrangement or a data sharing agreement and you provide appropriate privacy information to individuals.
- You have a regular review process to make sure that the information remains accurate and up to date, and to examine how the agreement is working.
- You keep a central log of the current sharing agreements.
Can you answer yes to the following questions?
- Are staff with sharing responsibilities aware of the process?
- Is there contingency built into the process if something goes wrong or if people aren’t available to perform their role?
- Would staff say the decision-making is maintained or appropriately delegated?