That's brilliant - thanks for sharing this Peter. KR Heléna Ashton AMBCS |Information Governance Manager – Connecting Care NHS South, Central and West Commissioning Support Unit Fifth Floor – South Plaza, Marlborough Street, Bristol, BS1 3NX, T: 0117 900 2180 | E: [log in to unmask] | M: 07768 978885 www.protectinginfo.nhs.uk | www.scwcsu.nhs.uk -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Peter Dinsdale Sent: 03 July 2018 13:27 To: [log in to unmask] Subject: Re: [data-protection] As basic as it gets Hi Phil, This is something I was wondering about a couple of months ago, but the ICO's guidance wasn't exactly definitive on the matter (and has now vanished from its website). However this handbook - http://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law - states that: "‘Recipient’ is a broader term than ‘third party’. In the meaning of Article 4 (9) of the GDPR, a recipient means “a natural or legal person, public authority, agency or another body, to which data are disclosed, whether a third party or not”. This recipient may either be a person outside the controller or processor – this would then be a third party – or someone inside the controller or processor, such as an employee or another division within the same company or authority. The distinction between recipients and third parties is important only because of the conditions for lawful disclosure of data. The employees of a controller or processor may be recipients of personal data without further legal requirement if they are involved in the processing operations of the controller or processor. Whereas, a third party, being separate from the controller or processor, is not authorised to use the personal data a controller processes, unless on specific legal grounds in a specific case." Seems fairly definitive to me, if you consider the source to be authoritative. Regards, Peter Peter Dinsdale Data Protection Consultant Perfect Image / T: 0191 238 0111 www.perfect-image.co.uk Follow us on Twitter http://twitter.com/perfectimage -----Original Message----- From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Phil Bradshaw Sent: 03 July 2018 12:05 To: [log in to unmask] Subject: [data-protection] As basic as it gets Definition: ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. GDPR Art 4. Is an employee who legitimately looks at my personnel file a recipient? In the sense that he has seen it my personal data has been disclosed to him. On the other hand it doesn't seem an entirely natural use of "recipient" or "disclose". ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ ________________________________ Save paper, please think twice before printing this email. Equinox House | Cobalt 3.2 | Cobalt Business Park | Silver Fox Way | North Tyneside | Newcastle upon Tyne | NE27 0QJ T. 0191 238 0111 | F. 0191 238 0127 | Service Desk Direct Line. 0191 238 0121 Perfect Image Ltd. Registered in England & Wales. Company Registration Number: 2650067 Registered Office: Equinox House, Cobalt 3.2, Cobalt Business Park, Silver Fox Way, North Tyneside, Newcastle upon Tyne, NE27 0QJ This e-mail is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not represent those of Perfect Image Ltd. If you are not the intended recipient, please notify us at [log in to unmask] and be advised that you have received this mail in error and that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ******************************************************************************************************************** This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it. Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation. NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services. For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^