Any thoughts or clarification on the following would be appreciated,
depending on the day of the week my thoughts change.
Two separate organisations. One acts as the management contractor for the
other, both share a large proportion of the staff, employing them under a
joint contract. Both are registered with the IOC. Is it legally correct for
one simply to adopt the other's DPA policy and guidelines, either by a
reference to agreeing to abide by them or by amending the name and logos
within these documents, or should they each produce their own.
The two organisations also share the same W.A.N. and can access the same
databases containing personal information of their clients and staff.
As joint controllers must they still draft a protocol or contract, to
govern the details of data sharing, or if a central DPA policy etc is
legal, will this on its own be sufficient?
Just to complicate matters they will be sharing a separate database
containg p.d. with at least 2 other organisations, not thankfully any more
staff.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
