Excerpt |
---|
In the preparation for GDPR and the UK refresh of the Data Protection Act it seems that some organisations, especially government departments and public bodies are asking some very awkward questions.
|
There are probably others going the rounds as well. Prefacing what I'm going to say with IANAL (I am not a lawyer) it makes sense to apply some rationality to this and maintain the proper borders between organisations. In general I do not believe that anyone has to promise to any one else, including the Government that they are going to obey the law. Extra contractual conditions won't provide any kind of indemnity to either party, remember that organisations that supply data have a duty of care to both the owners of the data (individuals), and whoever they share it with, that they indeed have the necessary permissions. There could potentially be a lot of 'indemnities' swapped around. But of course they mean nothing.
...