Changes to Audience Data Sharing

This site gives guidance on good practice in relation to sharing audience data, in ways which are compliant with the regulations. The guidance on this site has been reviewed and updated during October and November 2017 to reflect the requirements of the application of GDPR from May 2018 in relation to sharing personal information. We have identified areas where the obligations of GDPR require a change in the guidance formerly given on this site under the outgoing Data Protection Act. In making these changes, we have liaised with the Information Commissioner’s Office. The guidance given on this site considers GDPR chiefly in so far as it relates to data sharing – it is not a guide to best practice in how to comply with GDPR as a whole. The website of Information Commissioner's Office is the best place to start looking for guidance of GDPR in general.

Guidance on sharing audience data responsibly and fairly, for the benefit of our audiences, and for the whole cultural sector.

There are a number of reasons why cultural organisations may want or need to share audience data. There are also challenges in doing so, while respecting the wishes of audiences, and data protection legislation. This site was commissioned by Arts Council England to help cultural organisations navigate these challenges, in the interests of our audiences, and a thriving sector. It offers guidance on good practice in the light of the legal frameworks, and has been developed through extensive consultation.

The guidance should help you and partner organisations share information in a way that is sustainable, useful to all parties, and fair. As the best ways to do so are open to debate, the site has been designed to enable us to exchange views: do use it to put forward your questions, comments and suggestions. We hope to build a consensus and develop the guidance through this debate.

How can we make the guidance work for us?

How we use this data sharing guidance must work for us all, company and venue. Each section of the guidance allows you to leave feedback. This feedback will be collated, sent to the Arts Council and also used to build up the Frequently Asked Questions section, so that it becomes a living resource for us all. This is essential so we can work together as a sector to collaborate and share best practice around data sharing.


Follow our guidance for successful GDPR and PECR compliant data sharing between arts and cultural organisations

The approach you take will vary from case to case and you should ideally agree one which is fit for purpose. Have a look at:

  • Notifications - see what routines you need to go through if you are collecting data at point of sale or elsewhere
  • Checklists - check your own practice and readiness to share data
  • FAQs - see or post questions of interest to all
  • Case study - a real life example demonstrating the benefits and practice of data sharing
  • Comments - add your views not just about the guidance, but about what the sector should consider to be fair

Anne Torreggiani, The Audience Agency

We were commissioned by Arts Council England to draft some guidance on data sharing, not just in the light of their new requirement to share data, but also the new advice on from the ICO on how arts organisations should best comply with Data Protection and privacy legislation. The idea was to help save money on lots of organisations spending huge amounts on the same legal advice, while confidently forming the happy data-sharing relationships that Arts Council England intend as the result of their new requirements…


What are the benefits of data sharing for the sector?

The Arts Council England view.


Questions and answers about data sharing

Find FAQs relating to data sharing here and ask anything else you’d like to know.


The legal obligations related to data sharing

Read the document which sets out all you need to know about the legal regulations governing data collection, management, storage and use.

Legal Information


The guidance was originally co-ordinated and edited by The Audience Agency, written by Director of Data Platforms Leo Sharrock, and independent consultant Roger Tomlinson. It was redrafted in Autumn 2017 to reflect the requirements of GDPR by Leo Sharrock and legal advice throughout was given by Adam Kerr of Primas Law.


The guidance cannot, and should not, be relied upon as legal advice, and neither The Audience Agency nor their contractors accept liability for the consequences of its application. The Audience Agency is an independent agency, with independent views; the views of multiple stakeholders are expressed on this site, and these do not all necessarily reflect those of The Audience Agency.

This site gives guidance in relation to what we consider to be best practice. However, compliance is context and fact sensitive and as such following the guidance does not guarantee regulatory or statutory compliance. The Information Commissioners Office will judge any complaint on its own merits, and organisations in need of context or situation specific legal advice should seek it from an appropriately qualified source.