Menu

Processing

What the law says:

Section 1 of the DPA defines "processing" as follows:

"in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including —
(a) organisation, adaptation or alteration of the information or data,
(b) retrieval, consultation or use of the information or data,
(c) disclosure of the information or data by transmission, dissemination or otherwise making available, or
(d) alignment, combination, blocking, erasure or destruction of the information or data;"

What it means

In practical terms, it is difficult to think of anything that an organisation may do with information, from the original collection to destruction, which does not fall within the definition of "processing".

"Processing" includes "data sharing", whether that is as part of a large-scale data sharing arrangement or by way of a one-off disclosure of personal data.

The sharing of personal data must comply with all the data protection principles.  The fundamental starting point is compliance with the first principle requirements of fairness, lawfulness and meeting conditions for processing.

Comprehensive guidance on data sharing has been published in a Code of Practice and two quick checklists, one for systematic data sharing, the other for one off requests to share personal data, issued by the UK Information Commissioner.