Questions to ask when sharing data between two data controllers (from the ICO Data Sharing Code of Conduct):

  • What is the sharing meant to achieve?
  • What information do we need to share?
  • Could we achieve the objective without sharing the data or by anonymizing it?
  • What risks does the data sharing pose to individuals?
  • Is it right to share data in this way?
  • What would happen if we did not share the data?
  • Are we allowed to share the information?
  • Who requires access to the shared personal data?
  • When should we share it?
  • How should we share it?
  • How can we check the sharing is achieving its objectives?
  •  Do we need to review the DPIA?

Read the full draft code of conduct.