Personal data sharing between controllers

Copyright © 2025 LexisNexis
Published by a LexisNexis Information Law expert
Practice notes
Data Protection Toolkit

Personal data sharing between controllers

Copyright © 2025 LexisNexis

Published by a LexisNexis Information Law expert

Practice notes
Data Protection Toolkit
imgtext

This Practice Note explores issues and best practice relating to the sharing of Personal data between controllers (including joint controllers and independent controllers) in general business-to-business commercial situations under the Requirements of the United Kingdom General Data protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR).

It assumes a degree of familiarity with key data protection concepts and terms and the role of the Information Commissioner’s Office (ICO). For a higher-level introduction to this topic and related issues, see: Data sharing and transactions—overview.

For a higher-level introduction to UK data protection laws generally, see Practice Note: Data protection law—new starter guide. The Data protection toolkit collates further general guidance, including guidance on key terms used in the legislation, and is a recommended starting point for data protection research.

In brief—summary of steps controllers should often take before data sharing

The UK GDPR regime seeks to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly.

One of the key protections under the regime is the set of obligations placed

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Related legal acts:
Key definition:
Personal data definition
What does Personal data mean?

Personal data means data relating to a living individual who can be identified from such data, either alone or with other information in the data controller’s possession. It includes opinions about, and intentions in relation to the data subject.

Read more readmore

Popular documents

What are the differences between joint controllers and controllers in common under the GDPR? What is the

What are the differences between joint controllers and controllers in common under the GDPR? What is the difference in liability if a party is a joint controller with another, compared to where the parties are controllers in common?(1) What are the differences between joint controllers and

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing and sharingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European

The UK General Data Protection Regulation (UK GDPR)

The UK General Data Protection Regulation (UK GDPR)STOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1

Is someone’s voice personal identifiable information under GDPR? If someone is to do a voice over for

Is someone’s voice personal identifiable information under GDPR? If someone is to do a voice over for content of some training for a business, would a consent form be needed?Is someone’s voice personal identifiable information under GDPR?A voice recording is likely, in almost all circumstances, to