The Information Commissioner’s Office (ICO) has published its new code of conduct for data exchange.
The Code provides practical advice to help businesses and other groups demonstrate that data sharing legislation compliance and the use of data are fair, lawful and accountable.
It covers different areas including transparency, legal bases for the use of personal data, the new principle of accountability and the obligation to record processing activities.
The provisions for the new code were set out in the Data Protection Act 2018. A previous code for data exchange was published in 2011 under the Data Protection Act 1998.
According to Information Commissioner Elizabeth Denham, the Covid-19 pandemic has brought even more focus to the need for fair, transparent and secure data exchange.
She said, “I’ve seen firsthand the importance of sharing data between organizations in helping and protecting people during the response to the Covid-19 pandemic.
“This includes government agencies and supermarkets sharing information to help shield vulnerable people, or sharing health data to support rapid, efficient and effective delivery of pandemic responses.”
Data sharing is key to economic and social benefits, including greater growth, technological innovation, and the provision of more efficient and targeted services.
The new code therefore aims to promote digital innovation in both the private and public sectors.
The Code states that the goal of data protection legislation is to make data sharing easier if it is approached in a fair and proportionate manner rather than being an obstacle.
The Code also contains guidelines on the effects of Brexit on data protection laws. As the deadline for Brexit is three weeks away and departure without an agreement is still possible, the Code recommends that organizations review the security arrangements for transferring data to and from the European Economic Area, as the rules for international transfers will come into effect .
The ICO has also released a number of resources to help organizations better ensure compliance with data protection regulations. This includes a basic guide to the code as well as frequently asked questions, case studies, checklists, and templates.
Before the Code is officially adopted, the Foreign Minister must submit the Code to Parliament for approval. This should be done as soon as possible.
Once the code has been established, it will remain in front of Parliament for 40 days. If there are no objections, it comes into force 21 days later.
Denham added that the release of the code was not a conclusion but a milestone.
“This code shows that the legal framework allows for responsible data sharing and defeats some of the myths that currently exist,” she said.
“I want my Code of Conduct to be part of a broader effort to address the technical, organizational and cultural challenges for data sharing. The ICO will be at the forefront of a collaborative effort and will work with key stakeholders.
“I know I can rely on the combined efforts of practitioners and government to understand the Code and work with the ICO to embed it.”