Personal data sharing between controllers
Personal data sharing between controllers

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Personal data sharing between controllers
  • Summary
  • Key guidance
  • Guidance from the UK’s ICO
  • Guidance from the EDPB
  • What is personal data sharing?
  • Situations which may involve personal data sharing
  • Data sharing under the GDPR regimes
  • Incidental or limited data sharing
  • Routine v ad hoc data sharing
  • More...

This Practice Note explores issues and best practice relating to the sharing of personal data between controllers (including joint controllers and independent controllers) in general business-to-business commercial situations.

On 31 January 2020, the UK ceased to be a member of the EU and EEA. Given the extensive data flows between the EEA and UK, equivalent EEA data protection laws will remain of particular interest to UK practitioners. There are extensive similarities between the laws applicable under:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) (applicable under UK laws until the end of the Brexit implementation period at 11 pm UK time on 31 December 2020 and remaining applicable in the EEA thereafter), and

  2. the Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) (applicable under UK laws from the end of the Brexit implementation period and largely based on the EU GDPR)

Therefore, this Practice Note addresses equivalent requirements under both the UK GDPR and EU GDPR to assist UK practitioners who may need to consider the position under either. It refers to both as ‘the GDPR’ for convenience where there is no need to distinguish them so it can be read as referring to either the EU GDPR or UK GDPR.

Note that:

  1. this Practice Note considers equivalent provisions under the EU GDPR applicable in EEA states at the supranational level

Popular documents