The ICO has issued guidance relating to sharing information to protect children in an effort to reassure people that data protection law does not prevent data sharing for this purpose.
- Be clear about how data protection law can help you share appropriately; get advice from your DPO/data protection team.
- Identify the purpose for sharing. Safeguarding is a compelling reason.
- Develop systems and policies to share data and train staff on these.
- Ensure there is transparency and ability to exercise individuals’ rights (unless this is inappropriate).
- Assess the risks and share as needed: do DPIAs for regular/routine data sharing, considering an overarching DPIA. It was acknowledged that a DPIA may not be appropriate for sharing on a one-off basis.
- Enter into data sharing agreements (again, this may not be appropriate for one-off sharing).
- Follow the data protection principles.
- Use an appropriate lawful basis (don’t assume consent is the correct basis).
- Share information where there is an emergency.
- Read the data sharing code.
The full guidance can be found here.