Skip to main content

Data sharing and subject access checklist

Your business has communicated policies, procedures and guidance to all staff that clearly set out when it is appropriate for them to share or disclose data. (optional)
More information

Your policies, procedures and guidance should set out how your staff ought to respond to sharing requests. Any sharing of data must comply with the law, be fair, transparent and in line with the rights and expectations of the individuals whose data you are sharing. Your policy should explain how you will achieve compliance with these requirements, eg monitor information sharing logs, quality assess samples of instances of sharing. Your policy should also link in with your Data protection impact assessment (DPIA) policy or process, as you should carry out a DPIA on any data sharing that poses a high risk to the rights and freedoms of individuals. You should communicate this policy to all staff, eg via your intranet.

Your business has assigned responsibility to an appropriate member of staff for ensuring effective data sharing. (optional)
More information

It is good practice to nominate a senior, experienced person to take overall responsibility for information sharing, ensure compliance with the law, and provide advice to staff making decisions about sharing. Your policy should make it clear who this person is and how to contact them. You should also provide specialist training to this individual to allow them to fulfil their role.

Your business provides adequate training on an ongoing basis for staff that regularly make decisions about whether to share personal data with third parties. (optional)
More information

It is essential to provide appropriate training to staff that are likely to make significant decisions about data sharing or have access to shared data. The nature of the training will depend on their role within the sharing process. You can incorporate this into any training you already give on data protection, security, or legal obligations of staff. You should also maintain staff awareness through materials such as posters, office wide emails, intranet updates or data sharing content in newsletters.