Professional Documents
Culture Documents
data-sharing-and-subject-access-checklist-report
data-sharing-and-subject-access-checklist-report
data-sharing-and-subject-access-checklist-report
report
8 July 2024
Overall rating
Your overall rating was red.
10: Not yet implemented or planned
0: Partially implemented or planned
0: Successfully implemented
0: Not applicable
In order for the sharing of personal data to be considered fair and lawful
the Data Protection Act 1998 imposes a requirement on organisations to
explain to individuals how they will use personal data which they collect
and who they will share it with. In such data sharing contexts it is
important to explain:
Guidance
Your policies, procedures and guidance should set out how staff ought to
respond to sharing requests in the appropriate manner. You should:
Guidance
Suggested actions
You should:
Your business maintains a log of all your decisions to share personal data
and you review this regularly.
Suggested actions
You should:
Guidance
Guide to the UK GDPR – Lawful basis for processing, ICO website
Your business has a data sharing agreement (DSA) with any party you
routinely share personal data with or transfer large quantities of data to.
You review these agreements regularly.
Suggested actions
You should:
Guidance
Suggested actions
You should:
explain who you are, why you are going to share personal data and
who you are going to share it with – this could be actual named
organisations or types of organisation; and
provide further information if some aspects of this sharing would
not be in the “reasonable expectations” of the individual.
Guidance
Suggested actions
You should:
Your business has a documented process for dealing with requests for
personal data that all your staff are aware of and you have effectively
implemented.
Suggested actions
You should:
implement a documented process for dealing with requests for
personal data efficiently and in accordance with data protection
legislation; and
ensure management has approved the process and make it readily
available to staff.
Guidance
Suggested actions
You should:
Guidance
Your business monitors and reviews all requests for personal data and,
where necessary, implements additional measures to improve
compliance.
Suggested actions
You should:
Guidance
You can download this report as a Word document using the button on
the top right corner of the page. If you have a problem downloading the
report into a Word document please let us know.
Thank you for completing this checklist. Please complete our short
feedback survey to help improve our toolkit.
Back