How the guide works
Understanding the principles and best practice for data sharing
This guidance sets out what you need to do to share data between organisations in simple terms, from obtaining the right permissions from members of the public (and, crucially, protecting their privacy), to forging a strong formal agreement.
It is not always clear to a cultural organisation whether they could (or even should) seek to enter into a data sharing arrangement with another. Many do not do so for fear of losing a competitive advantage, or breaking data protection rules. We have already noted that organisations who collaborate to grow their audiences stand a better chance of success.
There is no inherent bar to data sharing in the legislation, providing organisations follow the correct procedures.
This guide is arranged into three sections that seek to help people in cultural organisations understand why we should and how we can share data:
- Purpose and principles: what we need to consider when planning to share data
- Practical steps required to be compliant with data protection regulations
- A simple self-assessment checklist to help you determine whether you are ready to share data, prompting best practice
The use of individuals’ personal information is regulated from May 2018 by the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (“PECR” 2003). For the purposes of this guidance, PECR has distinct and specific implications relating to the ways in which data is used to contact individuals electronically for the purpose of direct marketing, which then affect how that data may subsequently be used or shared (PECR is due to be superseded by the upcoming EU-wide ePrivacy regulation, which may require further revision to the guidance given on this site)
Finally, the legislation covering the use of personal data is wide-ranging, and a user-friendly guide, focused on data sharing and best practice, cannot hope to cover it comprehensively. For more in-depth background, please refer to the following:
- Guidance on applying UK Data Protection and Privacy & Electronic Communications Regulations.
- The ICO's data sharing code of practice
- The ICO's guidance on Direct Marketing