Personal data sharing between controllers

The following Information Law practice note provides comprehensive and up-to-date legal information covering:

  • Personal data sharing between controllers
  • Summary
  • Key guidance
  • Guidance from the UK’s ICO
  • Guidance from the EDPB
  • What is personal data sharing?
  • Situations which may involve personal data sharing
  • Data sharing under the GDPR regimes
  • Incidental or limited data sharing
  • Routine v ad hoc data sharing

Personal data sharing between controllers

This Practice Note explores issues and best practice relating to the sharing of personal data between controllers (including joint controllers and independent controllers) in general business-to-business commercial situations.

On 31 January 2020, the UK ceased to be a member of the EU and EEA. Given the extensive data flows between the EEA and UK, equivalent EEA data protection laws will remain of particular interest to UK practitioners. There are extensive similarities between the laws applicable under:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) (which was applicable under UK laws until the end of the Brexit implementation period at 11 pm UK time on 31 December 2020 and remains applicable in the EEA), and

  2. the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) (applicable under UK laws from the end of the Brexit implementation period and largely based on the EU GDPR).

Therefore, this Practice Note addresses equivalent requirements under both the UK GDPR and EU GDPR to assist UK practitioners who may need to consider the position under either. Where there is no need to distinguish them, it refers to both as ‘the GDPR’ for convenience, and that term can be read as referring to either the EU GDPR or UK GDPR.

Note that:

  1. this Practice Note considers equivalent provisions under the EU GDPR applicable in
