DPIAs / Data Sharing Agreements

Very few organisations work in total isolation. In this era of connectivity value is generated by the sharing and (co)processing of data, much of which is personal data. Under data protection legislation, organisations must create a formal agreement for sharing data, before the sharing begins, which sets out the legal basis, responsibilities and the controls in place.

However, data sharing between the public sector and private clients is challenging because each sector is subject to unique regulations. For example, public sector organisations are forbidden from using certain lawful bases for sharing personal data while commercial organisations may have more flexibility.

Moreover, legislative measures to assist data sharing between organisations, such as the Irish Data Sharing and Governance Act 2019, are still not fully implemented. As such, facilitating necessary data sharing can be a real challenge.

Trilateral supports public sector and private clients to employ best practices for the sharing and (co)processing of personal data.

We help our public sector and private clients to understand and document what data needs to be shared as well as why and how it will be shared. Where personal data is involved, we also work with clients to minimise the volume of data to be processed, mitigating risk and ensuring full transparency.

Additionally, where data sharing is part of an ongoing relationship, we have helped draft Data Sharing Agreements to ensure responsibilities are set out such that data subjects can clearly understand how their data is processed, why and by whom.