Q&As

After a one off data sharing has taken place, which complies with the DPA 1998, what are the ongoing obligations on the original data controller?

read titleRead full title
Produced in partnership with Ashley Roughton of Ipchambers.eu
Published on LexisPSL on 28/07/2016

The following Information Law Q&A Produced in partnership with Ashley Roughton of Ipchambers.eu provides comprehensive and up to date legal information covering:

  • After a one off data sharing has taken place, which complies with the DPA 1998, what are the ongoing obligations on the original data controller?

The answer will depend upon the basis upon which the data sharing took place, and any contractual arrangements entered into between the parties.

If the original data controller was simply sharing (ie handing over a copy) data with somebody who was going to process for the original data controller and then send the processed data back then there has to be a contract between the two which (at the very least) specifies that there shall be verifiable security measures on the part of the data processor and that the processor must follow the instructions of the original data controller.

If the contract has continuing obligations say, of confidentiality or to return all data and erase any manifestations on the processor’s servers, then the obligations or rights o

Related documents:

Popular documents