Data Fundamentals - Data Sharing (ICO blog)

Last updated
21 April, 2026
logos

This blog from Aaron Johnson, ICO Lead Policy Officer, is part of the Information Commissioner's Office (ICO) Data Fundamentals Series 2026. This blog takes a look at sharing data safety and responsibly.

Sharing information is often essential to delivering your mission, whether you’re supporting individuals, working with partners, or reporting to funders. At the Information Commissioner’s Office (ICO), we want to reassure you that data protection is not a barrier to information sharing. In fact, it enables safe, proportionate, and responsible sharing. 

Here we set out some practical, quick‑reference checklists to help you think through the key points. For more detail, see our data sharing advice, and our Data Sharing Code of Practice is always there to help you dig deeper. 

Check whether the sharing is justified

Before sharing personal data, pause to sense‑check your reasoning:

  • What is the specific purpose for sharing the data?
  • What are the potential benefits and risks of sharing or not sharing?
  • Is sharing the data necessary and proportionate?
  • What is the minimum amount of personal data required?
  • What safeguards can be put in place to reduce risks? For example, could you password protect the documents?
  • Could the same goal be reached without sharing personal data?

Pro tip: In some situations, anonymisedpseudonymised or aggregated information will be sufficient.

Considerations when sharing

If you can justify the data sharing, you should ask:

  • What information am I sharing?
  • How should I share this information?
  • How will the other organisations handle this data?
  • What technical and organisational measures do we have in place to ensure the security of the data?
  • Are people aware I am processing their data in this way?

Pro tip: To meet your transparency obligations you must clearly explain how and why you share data. Consider whether this is reflected in your privacy policy. Privacy notice not up to date? Try our privacy notice generator.

Check your record keeping 

Record keeping doesn’t have to be complex. Noting down answers to the questions below can ensure you are staying accountable.

You should consider documenting:

Pro tip: Unsure about your lawful basis? Try our interactive lawful basis tool.

Data sharing agreements

Data sharing agreements (DSA) can help ensure that personal data is handled appropriately between organisations that regularly share data. For one‑off or occasional disclosures, a full DSA may not be necessary. 

A helpful DSA will usually set out: 

  • what information is being shared;
  • why it’s being shared;
  • who will receive it;
  • how the information will be protected;
  • responsibilities, for example handling incidents or rights requests; and
  • retention and what happens once data is no longer needed.

Pro tip: Review DSAs regularly, especially when sharing arrangements change or after serious complaints or breaches.

More resources

For more information on our Data Fundamentals series, see our launch post and our data retention blog.  

Sign up for our next webinar

Data (Use and Access) Act information seminar with ICO | NICVA

If you have any further questions about data sharing or anything data protection related, please visit the ICO website, where you will find guidance specifically for charities and other small-to-medium-sized organisations. 

Sandra
Bailie
Director of Sector Support