Skip to main content
Home

Stage two - Can I share personal data with a law enforcement authority?

This second stage of the toolkit helps you assess if you can share the data lawfully and securely. It also prompts you to consider the amount of data you are sharing and the accuracy of that data.

It focuses on the seven data protection principles. The principles are a fundamental building block for data protection compliance and should be at the core of any decision to share personal data. If you need more information about the seven data protection principles, you can find this in the ICO’s guide to the GDPR.

You will need to work through all of the questions. The answers you provide in this stage of the toolkit will generate a report at the end, that assists you in meeting your accountability requirements.  You should download, fill in and save that document as a record of your decisions and justifications.

When answering the questions, please don’t use the back arrow on your computer to return to the previous page. Instead use the ‘back’ button / arrow in the toolkit itself.

 

Is it lawful to share the personal data?

6. Have you identified a lawful basis for sharing this personal data?

In order to comply with the first data protection principle the sharing has to be lawful, fair and transparent. To be lawful you need to have a 'lawful basis' before you share any personal data.

Data protection legislation sets out a number of lawful bases for sharing personal data. No single basis is ’better’ or more important than the others. The most appropriate lawful basis to use will depend on your purpose for sharing the data.

You cannot share the personal data unless you identify an appropriate lawful basis.

If you are unsure about what the lawful bases are or which one is appropriate, then click the ‘not sure’ option and you will be directed to more information and further guidance in the report at the end. If you have a data protection officer we would also recommend that you seek advice from them.