The risks involved in data sharing
Data controllers must comply with the data protection principles set out in Schedule 1 of the DPA (section 4(4)). The main risks for data controllers in any data sharing arrangement include:
-
Failing to notify individuals about how their data will be processed.
-
Collecting personal data for one purpose and later sharing or using it for another incompatible purpose without the data subject’s knowledge or consent.
-
Failing to maintain the integrity and security of the data.
The ICO has the power to take enforcement action against data controllers and can levy fines of up to £500,000 on a data controller for a serious breach of the data protection principles (or for serious breaches of the Privacy Regulations) (section 55A, DPA).Â
Non-compliance with the DPA could, therefore, be costly, cause significant loss of reputation to an organisation and harm to data subjects.