Data sharing is an essential part of our information-driven society. It allows companies and public bodies to work together to benefit clients and the general public alike. The Data Sharing Code of Practice document outlines how to share information responsibly and securely. But the status of the Code is changing, with implications for all who share data. Here we tell you some of the things you need to know. 

What is the Data Sharing Code of Practice?

Privacy is important to us all, even more so during current times when data is such a valuable commodity. However, think about how GPs communicate with consultants about a patient’s specific health condition or how online retailers contract out deliveries to logistics companies. Sharing data allows us to enjoy the practicalities and luxuries of daily life. 

Written by the Information Commissioner’s Office (ICO), the Data Sharing Code of Practice gives detailed information on how to share data lawfully and respectfully. It’s been in place since 2012 and supports organisations to carry out their business safely and effectively.  

The status of the Code is changing

The Data Sharing Code of Practice currently acts as guidance. But its status is changing: it is becoming a statutory document. The Code was put before Parliament on 18th May 2021 and will become law after 40 sitting days. Being a statutory document means a judge will consider your compliance with the Code in a Court of Law. 

For example, let’s say you are involved in a data-sharing case that goes to court. Showing you have followed the Data Sharing Code of Practice will be an important factor in your defence. Having evidence that you have done so appropriately will work in your favour. Failure to use the Code or wilful disregard of it will not.  

How to share data safely

The aim of the Code is to support businesses and organisations to share data safely and securely. Here are some steps the ICO suggest you take: 

  • Be accountable and take responsibility for adhering to the law. Do you have evidence of your accountability, should the ICO ask?
  • As the ICO succinctly puts it, “You must share personal data fairly and transparently.”1
  • Know your lawful basis for sharing data. Without a legal reason, you shouldn’t be sharing data.
  • When it comes to the actual sharing of data between parties, do so with security in mind. Neither your organisation nor the owners of the data would appreciate a data breach.

Be aware of the risks to your organisation when sharing data, and consider completing a Data Protection Impact Assessment (DPIA). It’s also sensible to have a Data Sharing Agreement in place. 

Data sharing is legal, and in some cases, necessary. The ICO see it as a positive action that comes with a lot of advantages. However, it is easy to understand how sharing people’s data might become a problem, even more so if done carelessly and without good reason. 

If you’d like to find out more about the Data Sharing Code of Practice and how its new statutory status could affect you, contact Dr Sam Linton on +44 1482 762 392, email or click here. For more information, see here. Find the Data Sharing Code of Practice here.





Dr Sam Linton is a data protection professional and a GDPR Practitioner. Contact for Data Protection advice and services –