Under the right circumstances and for the right reasons, data sharing between organisations can be beneficial to society and individuals. For that reason, today the Gibraltar Regulatory Authority (“GRA”), as the Data Protection Commissioner, has published a Code of Practice for data sharing.

It is important for organisations to understand what can be done legally, and what cannot be done when considering sharing personal data. The Code of Practice aims to help individuals and organisations from being disadvantaged as a result of excessive caution or carelessness in disclosure. Where unjustified disclosures occur, serious harm to individuals and society may be caused. In such circumstances, the citizens’ rights under the Data Protection Act 2004 (“DPA”) must be respected and organisations have to comply with their obligations under the DPA.

This document provides good practice for the sharing of personal data and delivers a general framework, which organisations can use to develop their own data sharing agreements. Each organisation must adapt it in accordance with their circumstances, taking into account the nature of the data involved and type of data sharing.

Adopting the recommendations in the Code of Practice, will help organisations operate in a compliant manner and avoid the operation of insecure data sharing arrangements that can be detrimental to society and individuals, and generate public distrust.

The Code of Practice is available on the data protection section of the GRA’s website - www.gra.gi/data-protection