Navigating the data sharing code
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
A quick reference guide to help you find the content you need on each topic.
What you need to do or consider → |
Where you can find it in the data sharing code |
|---|---|
| Identify your objective in sharing the data → | |
| Be clear as to what data you are sharing → | |
| Understand the position following UK exit from the EU → | |
| Consider the benefits and risks of sharing and not sharing → | |
| Carry out a Data Protection Impact Assessment (DPIA) → | |
| Put in place a data sharing agreement → | |
| Ensure you follow the data protection principles → | |
| Check your data sharing is fair and transparent → | |
| Identify at least one lawful basis for sharing the data before you start sharing it → | |
| Put in place policies and procedures that allow data subjects to exercise their individual rights easily → | |
| Be clear about sharing data under the law enforcement processing provisions of Part 3 DPA 2018, and sharing between the UK GDPR/Part 2 DPA 2018 and Part 3 DPA 2018 → | |
| Demonstrate a compelling reason if you are planning to share children’s data, taking account of the best interests of the child → | |
| Share data in an emergency as is necessary and proportionate. Plan ahead as far as possible → | |
| Document your decisions about the data sharing, evidencing your compliance with data protection law → | |
| Put in place quality checks on the data → | |
| Arrange regular reviews of the data sharing arrangement → | |
| Agree retention periods and make arrangements for secure deletion → |