The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Data sharing policies and procedures

Your organisation’s policies and procedures make sure that you appropriately manage data sharing decisions, eg through a DPIA.

Ways to meet our expectations:

  • You have a review process, through a DPIA or a similar exercise, to assess the legality, benefits and risks of the data sharing.
  • You document all sharing decisions for audit, monitoring and investigation purposes and regularly review them.
  • Your organisation has clear policies, procedures and guidance about data sharing, including who has the authority to make decisions about systematic data sharing or one-off disclosures, and when it is appropriate to do so.
  • Your organisation adequately trains all staff likely to make decisions about sharing and makes them aware of their responsibilities. You refresh this training periodically as appropriate.

Can you answer yes to the following questions?

  • Are staff aware of their responsibilities and how to carry them out effectively? 
  • Would staff say they have a clear process to follow?
  • Is your organisation meeting their training needs?