My Department does not hold a schedule of datasets shared with other bodies covering the past 20 years to date. The Department was established in 2020.Where my Department shares personal data with another organisation, it does so on the basis of one of the lawful grounds set out in Article 6 (and Article 9 if applicable) of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 i.e. with the consent of the data subject, for the performance of a contract, for compliance with a legal obligation, to protect the vital interests of the data subject, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Department or for the purposes of legitimate interests.Currently, my Department shares data with other organisations for purposes such as compliance with employee tax obligations, in connection with legal proceedings, awarding of bursaries/scholarships and audit purposes. The transfer of data may be in aggregated form or on an individual basis depending on the purpose.The sharing of this data is notified to data subjects through the Department’s Data Protection Notice, which is publicly available on the Department's website, and through individual Privacy Notices associated with various data processing activities. Where such sharing takes place, appropriate governance agreements are in place to identify the roles and respective responsibilities of each party. When sharing personal data, my Department adheres to the principles set out in the GDPR including those of purpose limitation, data minimisation, and integrity and confidentiality.
