3 min read

Writen by Zlatko Delev

Posted on: April 9, 2021

ICO POST: Data sharing code

Very beneficial blog has been shared by Ali Shah, Head of Technology Policy

Blog:Building on the data sharing code: our plans for updating our anonymisation guidance.

Data is the lifeblood of the digital economy, and the sharing of personal data is key to opening up new opportunities. Data shared in healthcare environments can map out trends and provide new insights to improve patient care, while in the financial sector, data sharing can help to protect against money laundering and ensure individuals are protected from fraud.

In our experience, organisations want to use and share data in a safe and legally compliant way, but can be uncertain around how to do this. That’s why we’ve got clear guidance, to help build confidence in decision making around data sharing – we know that when data is shared properly, it can lead to real benefits.

The recent ICO Data Sharing Code of Practice. provides organisations with a practical guide on how to share personal data in line with data protection law. However, we recognise there are other dimensions to data sharing. The code is not a conclusion, but a milestone in this ongoing work. We will continue to provide clarity and advice in how data can be shared in line with the law.

Building on this promise, we are now outlining our plans to update our guidance on anonymisation and pseudonymisation, and to explore the role that privacy enhancing technologies might play in enabling safe and lawful data sharing. We recognise that questions about when data is personal data or anonymous information are some of the most challenging issues organisations face.

Our refreshed guidance will assist organisations in meeting these challenges. We will set out our views on approaches like the spectrum of identifiability, and how these can be practically applied. We will provide advice on how to assess the appropriate controls that need to be in place and we will be grounding our guidance in practical steps organisations can take.

The key topics we will be exploring include:

  • Anonymisation and the legal framework – legal, policy and governance issues around the application of anonymisation in the context of data protection law;
  • Identifiability – outlining approaches such as the spectrum of identifiability and their application in data sharing scenarios, including guidance on managing re-identification risk, covering concepts such as the ‘reasonably likely’ and ‘motivated intruder’ tests;
  • Guidance on pseudonymisation techniques and best practices;
  • Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
  • Anonymisation and research – how anonymisation and pseudonymisation apply in the context of research;
  • Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
  • Technological solutions – exploring possible options and best practices for implementation; and
  • Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.

Find out more on the following link .

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

ISO 27001 Controls: A Comprehensive Step-by-Step Guide

Organisations in today's world filled with technology require a good information security setup and

Comparing Information Security Frameworks and Data Protection Frameworks

With cyber threats evolving at an unprecedented rate and regulations tightening globally, understan

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy