As the Deputy will be aware, the sharing of data is covered by the General Data Protection Regulation (GDPR) which took effect from 25 May 2018, the Data Protection Act 2018, and the Data Sharing and Governance Act 2019 with the commencement of final sections of that Act coming into effect in December last year.
With regard to personal and or person-specific data sets, my Department holds limited data of this nature. The personal and or person-specific data sets would generally relate either to employee information, or where personal data of a limited nature is required for the administration and payment of grant funding.
My Department shares data sets with other public bodies only where there is an explicit need for such sharing in order to carry out the performance of our functions. Where such data sharing is undertaken there are agreements in place setting out how personal data is used and the roles and responsibilities of each of the parties involved in the data sharing. Details of how we use personal data in the delivery of our remit, including a detailed Privacy Notice, are set out in Data Protection section of our website.
My Department has an effective corporate governance framework in place to ensure that we meet our obligations under data protection laws, and the Data Sharing and Governance Act, in respect of our data processing and sharing activities. This includes having a Data Protection Officer and Data Officer in place to oversee compliance with data protection and data sharing obligations.
