Select Page

Note: Keep in mind, however, that the collection of this type of information by public institutions subject to the law must always meet the requirements of Section 4 of the Data Protection Act with regard to collection. Depending on the sensitivity of the personal data transmitted, federal government institutions may also request to be notified by the recipient if the destruction has occurred. This would require the recipient to keep a protocol of destruction or a protocol of the disposition of all common personal data. Such recordings of destruction or minutes could contain the following information and be immediately made available to the other party at the request: the circumstances of obtaining consent or notification of persons should normally be articulated within the framework of the agreement. The agreement could, for example, indicate that, when the purpose for which the information is collected is published, the person concerned should be informed through each legal authority in charge of the investigation, how it is used, how it is shared and for what purpose. If consent is sought and rejected, objections must be properly registered and each organization must comply. The agreement could also require that any revocation of consent be immediately communicated to all parties. Any prohibition or restriction on the subsequent or secondary use of the information should be clearly addressed in the agreement, taking into account the relevant laws, regulations or directives of the contracting parties. ico.org.uk/media/for-organisations/documents/1067/data_sharing_checklists.pdf examples of when a contract would be most appropriate are: personal data is defined in section 3 of the Data Protection Act as “information relating to an identifiable person that is recorded in one way or another, including, without restricting the universality of the above, the ICO has published updated guidelines for organizations that refer to data processing contracts/agreements under the DSGVO. Another alternative is the depersonalization of information; However, if this is used, it should not be possible to re-link the information to identifiable individuals. Institutions should also be assured, as far as possible, that the receiving party will not attempt to reintegrate persons.

In the absence of the registration of the disclosed personal data, the parties to the agreement cannot notify third parties to whom the information has been disclosed that the information has been corrected or that the person to whom the information relates has submitted a request for correction.