The Gibraltar Regulatory Authority has published a code of practice for data sharing as it set out the importance for organisations to understand what can be done legally, and what cannot be done when considering sharing personal data.
Under the right circumstances and for the right reasons, data sharing between organisations can be beneficial to society and individuals, the GRA said in a statement.
The Code of Practice aims to help individuals and organisations from being disadvantaged as a result of excessive caution or carelessness in disclosure.
“Where unjustified disclosures occur, serious harm to individuals and society may be caused,” the GRA said.
In such circumstances, the citizens’ rights under the Data Protection Act 2004 must be respected and organisations have to comply with their obligations under the legislation, the GRA added.
The code provides good practice for the sharing of personal data and delivers a general framework, which organisations can use to develop their own data sharing agreements.
“Each organisation must adapt it in accordance with their circumstances, taking into account the nature of the data involved and type of data sharing.”
“Adopting the recommendations in the Code of Practice, will help organisations operate in a compliant manner and avoid the operation of insecure data sharing arrangements that can be detrimental to society and individuals, and generate public distrust.”
The Code of Practice is available on the data protection section of the GRA’s website – www.gra.gi/data-protection.