As companies collect more and more data, it's essential that they share that data securely and legally. That's where a data sharing agreement comes in – and a new European regulation, the General Data Protection Regulation (GDPR), now requires that data sharing agreements between controllers be documented in writing.
But what is a data sharing agreement, and who are the controllers involved? And what does the new “controller to controller ICO” mean for businesses?
First, let's define our terms. In data protection law, a “controller” is a person or organization that determines the purposes and means of the processing of personal data. In other words, controllers are the ones who decide what data to collect, how to use it, and who to share it with.
A “data sharing agreement” is a contract between two or more controllers that sets out the terms of how they will share data. This might include the types of data being shared, the purposes of sharing the data, and the security measures in place to protect the data.
The new “controller to controller ICO” refers to a new type of data sharing agreement required by the GDPR. Essentially, if two controllers are sharing data, they must document the agreement in writing and report it to the Information Commissioner's Office (ICO), the UK's data protection regulator.
The ICO explains that this requirement is intended to increase transparency and accountability around data sharing:
“Controllers must be able to demonstrate that they have an appropriate legal basis for sharing personal data, and that they have considered and addressed the risks associated with the sharing of the data. Documenting the arrangements is an important part of being accountable and transparent.”
So what does this mean for businesses? If you're already following best practices around data protection, the new requirement should just be a matter of documenting your existing data sharing agreements. However, if you're not currently documenting your data sharing agreements, or if you're unsure whether your agreements comply with the GDPR, it's important to seek legal advice.
Ultimately, the controller to controller ICO is just another step towards ensuring that businesses are handling personal data responsibly and ethically. By documenting data sharing agreements, controllers can demonstrate their commitment to data protection and build trust with their customers.