The ICO exists to empower you through information.

This second stage of the toolkit helps you assess if you can share the data lawfully and securely. It also prompts you to consider the amount of data you are sharing and the accuracy of that data.

It focuses on the seven data protection principles. The principles are a fundamental building block for data protection compliance and should be at the core of any decision to share personal data. If you need more information about the seven data protection principles, you can find this in the ICO’s guide to the GDPR.

You will need to work through all of the questions. The answers you provide in this stage of the toolkit will generate a report at the end, that assists you in meeting your accountability requirements.  You should download, fill in and save that document as a record of your decisions and justifications.

When answering the questions, please don’t use the back arrow on your computer to return to the previous page. Instead use the ‘back’ button / arrow in the toolkit itself.


Is it lawful to share the personal data?

6. Have you identified a lawful basis for sharing this personal data?

In order to comply with the first data protection principle the sharing has to be lawful, fair and transparent. To be lawful you need to have a 'lawful basis' before you share any personal data.