Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

Data sharing agreements

You arrange and regularly review appropriate data sharing agreements with parties with whom you routinely share personal data.

Ways to meet our expectations:

  • You agree data sharing agreements with all the relevant parties and senior management sign them off.
  • The data sharing agreement includes details about:
    • the parties' roles;
    • the purpose of the data sharing;
    • what is going to happen to the data at each stage; and
    • the standards set (with a high privacy default for children).
  • Where necessary, procedures and guidance covering each organisation’s day-to-day operations support the agreements..
  • If your organisation is acting as a joint controller (within the meaning of Article 26 of the UK GDPR), you set out responsibilities under an arrangement or a data sharing agreement and you provide appropriate privacy information to individuals.
  • You have a regular review process to make sure that the information remains accurate and up to date, and to examine how the agreement is working.
  • You keep a central log of the current sharing agreements.

Can you answer yes to the following questions?

  • Are staff with sharing responsibilities aware of the process?
  • Is there contingency built into the process if something goes wrong or if people aren’t available to perform their role?
  • Would staff say the decision-making is maintained or appropriately delegated?