I know it's only Monday and not Friday, but it's very hot and my brain is fried!!!

I'm checking over a template Data Sharing Agreement and amking sure it's got everything in that the ICO Code of Practice recommends, and am trying to get my head round what happens in the case of a Data Subject Access Request to an organisation which holds data which has been shared with them by the original data controller!

The guidance states that "one staff member or organisation takes overall responsibility for ensuring that the individual can gain access to all the shared data easily". With the ContactPoint project, the Local Authority was joint data controller with HM Government, and any data subject access requests relating to ContactPoint were to be directed to the LA - is this how the ICO intends any requests concerning shared data to be dealt with?

I'm doubting myself because if that were the case, surely the guidance would state that all DSARs should be dealt with by the originating organisation/original data controller?!

Any help would be gratefully appreciated by my addled brain!


Michelle Peel
CYPS Information Governance Officer
Trafford Council

     All archives of messages are stored permanently and are
      available to the world wide web community at large at
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)