The risks involved in data sharing
Data controllers must comply with the data protection principles set out in Schedule 1 of the DPA (section 4(4)). The main risks for data controllers in any data sharing arrangement include:
Failing to notify individuals about how their data will be processed.
Collecting personal data for one purpose and later sharing or using it for another incompatible purpose without the data subject’s knowledge or consent.
Failing to maintain the integrity and security of the data.
The ICO has the power to take enforcement action against data controllers and can levy fines of up to Â£500,000 on a data controller for a serious breach of the data protection principles (or for serious breaches of the Privacy Regulations) (section 55A, DPA).Â
Non-compliance with the DPA could, therefore, be costly, cause significant loss of reputation to an organisation and harm to data subjects.