The ICO exists to empower you through information.

The following report has been created based on the answers you submitted to the stage two questionnaire. Within the report you will be given a number of actions to undertake.

This will include recording decisions you have made. To do so, download the form using the pink download button, save it to your device and make the amends in Word.

You may also be instructed to read ICO guidance to help you make a decision or to have further discussions with the law enforcement authority requesting the data.

Since many of the risks that may arise from data sharing are context specific, we cannot include an exhaustive or definitive list of issues to consider. Assessing the risk in the context of your processing activity forms part of your responsibility as a controller. You should not view this toolkit as a pathway to absolute compliance with data protection law, but as a starting point for what you will need to consider.

Feedback

We are committed to continuing to develop this and other toolkits in order to facilitate effective and compliant data sharing. In order to this, we are seeking your feedback on what works well with the toolkit and what could be improved. We will assess this feedback on a regular basis in order to make changes and improvements to the toolkit. Please consider completing our feedback survey.


 Record details of the sharing 

(Fill in the details below)

Name of the organisation requesting the data: 

Personal data being requested:

What law enforcement purposes is the information required for (eg the prevention / detection of a crime):

Please explain why it is neccessary to share the personal data that has been requested:

Record your lawful basis decision

You indicated that legal obligation is your lawful basis for sharing this personal data.

The legal obligation you are relying on must be laid down in law. This means that the overall purpose must be to comply with a legal obligation which has a sufficiently clear basis in either common law or statute.

You should be able to identify the obligation in question, either by referring to the specific legal provision or by pointing to an appropriate source of advice or guidance that sets it out clearly. For example, you can refer to a government website or to industry guidance that explains generally applicable legal obligations.

You must record your reasons and justifications for making this decision and this should include how it meets the points above.

Further guidance                                    

Condition

Your reasons for making this decision

Legal obligation

 

 

 

 

 

Record your decisions about the data protection principles

In order to share data with any organisation, you must be confident that the sharing complies with all the data protection principles.

You indicated that you are confident the sharing complies with the principles. You should now record your decisions. 

Principle

Is the sharing compliant? (Y/N)

Your reasons for making this decision

Can you share the data in a way that is fair and transparent?

 

                       

Is sharing the data limited to a specific purpose?    
Is the data you intend to share adequate, relevant and limited to what is necessary for the requested purposes?     
Is the data you intend to share accurate and up to date?    
Can it be shared securely?    

Meet your accountability requirements

The final data protection principle is the accountability principle. This makes you responsible for complying with the data protection legislation and says that you must be able to demonstrate your compliance. You should have in place appropriate technical and organisational measures to meet the requirements of accountability such as:

  • adopting and implementing data protection policies;
  • taking a ‘data protection by design and default’ approach;
  • putting written contracts in place with organisations that process personal data on your behalf;
  • implementing appropriate security measures;
  • recording and, where necessary, reporting personal data breaches; and
  • maintaining documentation of your processing activities.