Navigating the data sharing code
-
The Data (Use and Access) Act 2026 got Royal Assent on 19 June 2026. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
A quick reference guide to help you find the content you need on each topic.
What you need to do or consider → |
Where you can find it in the data sharing code |
|---|---|
| Identify your objective in sharing the data → | |
| Be clear as to what data you are sharing → | |
| Understand the position following UK exit from the EU → | |
| Consider the benefits and risks of sharing and not sharing → | |
| Carry out a Data Protection Impact Assessment (DPIA) → | |
| Put in place a data sharing agreement → | |
| Ensure you follow the data protection principles → | |
| Check your data sharing is fair and transparent → | |
| Identify at least one lawful basis for sharing the data before you start sharing it → | |
| Put in place policies and procedures that allow data subjects to exercise their individual rights easily → | |
| Be clear about sharing data under the law enforcement processing provisions of Part 3 DPA 2018, and sharing between the UK GDPR/Part 2 DPA 2018 and Part 3 DPA 2018 → | |
| Demonstrate a compelling reason if you are planning to share children’s data, taking account of the best interests of the child → | |
| Share data in an emergency as is necessary and proportionate. Plan ahead as far as possible → | |
| Document your decisions about the data sharing, evidencing your compliance with data protection law → | |
| Put in place quality checks on the data → | |
| Arrange regular reviews of the data sharing arrangement → | |
| Agree retention periods and make arrangements for secure deletion → |