ICO publishes new data sharing code of practice

The Information Commissioner’s Office (ICO) has published a new data sharing code of practice. The Code is a statutory code of practice which the ICO is required to produce under the Data Protection Act 2018. The ICO will consider the Code when assessing whether an organisation has complied with the law when sharing personal data.

How we got here

The first data sharing code was published by the ICO in 2011. Since then, UK data protection law has changed significantly with the introduction of the GDPR and the Data Protection Act 2018. Organisations are now under more onerous rules compared to previous data protection regimes. Additionally, in light of the COVID-19 pandemic, there has been an increase in the type of organisations which are required to comply with data sharing rules. For example, cafes, restaurants and pubs are now having to share personal data to help combat the spread of the virus. The Information Commissioner, Elizabeth Denham, has said: “I have seen first-hand how sharing data between organisations has been crucial to supporting and protecting people during the response to the COVID-19 pandemic.”

Features of the Code

The Code is intended to be a practical guide for organisations, whether in the public, private, or third sectors, on how to share personal data in compliance with UK data protection law. The focus of the Code is on data sharing between controllers – data sharing with processors is not covered. The Code also seeks to explain the benefits of data sharing whilst dispelling misconceptions and barriers to data sharing. Guidance on data sharing agreements, compliance with the data protection principles, respecting individual rights are all addressed along with good practice recommendations. The ICO has also provided updated data sharing checklists and data sharing request and decision form templates.

Next steps

The first draft of the new Code went out to public consultation in July 2019. After gathering views and evidence from a wide range of organisations, the ICO published the Code on 17 December 2020. The Code has now been submitted to the Secretary of State who is now required to lay the Code before Parliament for approval. Whilst Parliament should approve the Code as soon as reasonably practicable, it will remain before Parliament for 40 sitting days. If there are no objections, the Code will come into force 21 days after that period.

While the Code is not expected to gain approval until February 2021, it forms part of a wider initiative by the ICO to provide clear guidance on data sharing. The ICO has launched a ‘data sharing information hub’ which includes resources and support on data sharing that organisations can access to gain quick and easy information and practical guidance.

How can we help?

For further information on data sharing, please get in touch with a member of our specialist GDPR & Cyber Security team.

Latest updates from @MacRoberts

  • MacRoberts is recruiting! We currently have a vacancy for a Senior solicitor/associate to join our Private Client… https://t.co/nTGY8Irf5S 10 hours ago
  • This week on our new IGTV mini-series, giving an insight into what it’s like to begin a legal career during the pan… https://t.co/giTipHUGgd 23/06/2021
  • Would you like to work at one of Scotland’s leading law firms? We currently have a number of opportunities availabl… https://t.co/atxn5NHzLj 21/06/2021
  • We currently have a vacancy for a Customer Due Diligence Administrator based in Glasgow or Edinburgh. Please shar… https://t.co/IXsvMkBnYa 18/06/2021
  • Maya Forstater received a lot of media attention around her tweets relating to her beliefs about sex, resulting in… https://t.co/VbDAGhzAqX 18/06/2021
  • Applications for our traineeships starting in 2023 are now open! Get your legal career off to the best possible sta… https://t.co/nx3WmygTTM 18/06/2021
  • RT @DundeeAndAngus: Leading Scottish commercial law firm, @MacRoberts has advised BAM on the ‘game-changing’ Atlantic Square development in… 16/06/2021
  • This week on our new IGTV mini-series, giving an insight into what it’s like to begin a legal career during the pan… https://t.co/tqSQy4tRqG 16/06/2021
  • Self-employed status: What does the Uber case really mean? 🚖 Kenny Scott explains what the recent ruling means for… https://t.co/SIt6iBNYPx 16/06/2021
  • What is the Scottish #gin industry doing to improve #sustainability? Following #WorldGinDay celebrations over the w… https://t.co/P4d0oPh54U 15/06/2021
  • The European Commission has adopted & published versions of two new sets of Standard Contractual Clauses. What ch… https://t.co/c8nMQEo6uk 15/06/2021
  • What impact could Ireland High Court's decision to reject an action by Facebook to block an inquiry by the Irish… https://t.co/leiseQnxYe 14/06/2021
  • Wishing all of our followers a happy #WorldGinDay! ICYMI: Earlier this week, we were delighted to catch up with… https://t.co/OJ85qOwAhN 12/06/2021
  • We're #hiring! We have a #vacancy for a Senior #Solicitor or Associate to join our IP, Technology & Commercial team… https://t.co/YWbpcD0eFD 10/06/2021
  • Dealing with an employee's misconduct when that employee contends it is linked to a disability can be tricky - read… https://t.co/Gy1dLbrwPk 09/06/2021