We share data across the Council and with our partner services to fulfil our statutory responsibilities as a Local Authority.
The General Data Protection Regulations (GDPR) and Data Protection Act (DPA) 2018 allow us to share information for a wide variety of reasons: these are known as our ‘legal bases to process data’.
This data protection legislation should never be used as a ‘blocker’ when sharing personal data, especially in times of emergency which require more collaborative working internally and externally.
The examples below show where personal data including ‘special category data’ (data relating to racial/ethnic origin, political opinions, sexuality and sexual life, medical information, religion, trade union membership and genetic/biometric data) can be shared and used in a way that is compliant with GDPR/DPA without requiring the consent of the data subject.
We will always aim to share the minimum data necessary to achieve the purpose required.
Article 9 (2)(G) of GDPR
We are able to share data, both internally and externally, if it satisfies the Data Protection Act’s definition of ‘substantial public interest’, (Schedule 1, paragraphs 6-28). There are 23 specific definitions and those most relevant in a Local Authority include using data to:
If we are clear on why we need to share data, we will establish how to apply it for our purpose.
(Article 9 (2)(B)) of GDPR
GDPR allows us to share data if it is necessary to comply with the obligations set out in law. Local Authorities are given many powers in different Acts of Parliament which can be used in the context of emergency data sharing.
The list below shows some of the most frequently used, but is not exhaustive:
GDPR also sets out other legal bases for sharing ‘special category data’ which can be used in specific scenarios. These include when it is:
If the need to share data corresponds with one of the Article 9 conditions described above, it is likely that this sharing is justified and is serving a larger purpose in our response to an emergency.
For any questions regarding the above, please contact the Information Governance Team at: dpo@richmondandwandsworth.gov.uk
Up to: Privacy and data protection
Updated: 02 April 2020