For many organisations and institutions, sharing data is a necessary and regular part of their work. From logistics companies requiring personal addresses to healthcare facilities sending sensitive patient files to specialists, there are many appropriate reasons for sharing information.
The General Data Protection Regulation (GDPR) is designed under EU law for privacy and data protection, and last week marked two years since its introduction. Following Brexit, the UK intends to mirror the current GDPR regulations in new rules, so companies sharing information are advised to be mindful of them.
1. Justifiable action
Before sharing data, always consider whether you have legitimate reason for doing so. Ask yourself why you are sharing information, what you hope to achieve and if you have a legal basis for your actions. Look at how much data you are sharing and with whom to assess potential risks, and then consider whether it is justified.
2. Pros and cons
It is a wise idea to weigh up the risks versus the advantages when deciding whether or not to share data. If the data contains personal information that puts people at risk, you should carry out a Privacy Impact Assessment (PIA).
3. Understanding your rights
Find out if you have the right to share the data. What kind of organisation are you employed by, and what authority does it have? In some circumstances you may be legally obliged to share information by a court order or other legal requirement.
4. Adequacy decisions and safeguards
Consider the data transfer and where it takes place. Make sure it is covered by an adequacy decision that protects the associated rights and freedoms.
If no adequacy decision has been made, check whether other safeguards govern the data transfer, such as standard contractual clauses or binding corporate rules.
To protect yourself, if there are no safeguards or adequacy decisions for a data transfer, obtain the explicit consent of any individual associated with the information.
5. Proper protocols
Draw up protocols for data sharing and check whether any pre-existing agreements are in place with third parties. Create policies that make sure those involved are aware their data is being shared, and assess whether security measures such as encryption are in place to safeguard private information.
6. Stay accurate and up to date
Ask how you will make sure any data you have shared with others stays current and accurate. Consider who is responsible for this – will it be the enterprise sharing the data, or those receiving it? If the data contains personal details, will the individuals it relates to be able to access it, and how will this be arranged? Consider how long those involved in the data transfer should retain the information, and ensure protocols are in place that can confirm data has been deleted once it is no longer required.
A comprehensive compliance solution
At Galaxkey, we have designed our secure platform to ensure it offers information security professionals complete control of company data and end-to-end encryption. Ensure your company keeps compliant and contact our specialist team today for a free trial.