I suspect the situations are more complex than you are considering and the issue is when employees from Org A are being line managed by an employee from Org B on a day-to-day basis, e.g. for holidays and sickness absence, so need access to personnel data. We have addressed this in a couple of areas and have considered the sharing is either necessary for either a legal obligation or under official authority. We thought employment contract was possible, but difficult and might require revision of the contracts. Donald -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Blyth, Victoria Sent: 12 July 2018 09:08 To: [log in to unmask] Subject: Re: [data-protection] Sharing of staff data I'd guess that there's a misunderstanding of consent and when to use it as legal basis. There's not much my employer does in employment terms that I have a choice about and the ICO specifically says not to use consent because of the imbalance of power. You might need to look at employment contracts and whether the staff concerned have two employers. If organisation A, my employer, wants me to do some work on behalf of organisation B, I'm still under contract to Org A and Org B has no need for any personnel data. If I have a joint contract then I am employed by both orgs and any sharing of data necessary should be established in my contract of employment. You're looking at Art 6(1)(b) for employment contract and Art9(2)(b) for special category data, not consent. I would think that the sections I've listed above are your legal basis in DP terms, and it's then HR/Legal's job to make sure that the contract(s) of employment establish how the situation will work and whether any sharing of personnel data is necessary. If necessary, then how and when it should be done. Nothing in this situation should cause staff any worry because everything should be laid out clearly in contract of employment and HR policies. Victoria Blyth Information Strategy Manager (Interim Data Protection Officer) Information Management Team London Borough of Barnet, North London Business Park, Oakleigh Road South, London N11 1NP Tel: 020 8359 2015 please consider the environment - do you really need to print this email? -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Chris Tinsley Sent: 12 July 2018 08:49 To: [log in to unmask] Subject: Re: [data-protection] Sharing of staff data You might think so, but then why would they be asking for consent to allow the sharing in the first place. It could just be sloppy, belts and braces practice. Chris Sent by me > On 12 Jul 2018, at 08:46, Jon Baines <[log in to unmask]> wrote: > > One would assume their employment contract covers it? > > Jon Baines, > Chair, > NADPO > >> On 12 Jul 2018, at 08:43, Chris Tinsley <[log in to unmask]> wrote: >> >> Good morning all >> >> An NHS organisation I work with shares members of staff with a Local Authority to perform some compatible functions such as Commissioning. This is done under a Section 113 agreement of the Local Government act 1972. They are now looking to extend this function in to other areas. >> >> Part of this involves the sharing of personnel files. This has up to now been done with consent. >> >> With the extension of this in to other areas there is a requirement to share more staff files and a sudsequent worry by some members of staff about their jobs. >> >> I believe GDPR restricts the use of consent as a means of processing in a works context so we should cease sharing these files using consent, I can’t see how it can be freely given. >> >> Has anyone come across this before and how would you get round the consent issue with sharing personnel files? >> >> I have asked HR for an opinion as I am way out of my comfort zone with this. >> >> Chris >> >> >> Sent by me >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> All archives of messages are stored permanently and are >> available to the world wide web community at large at >> http://www.jiscmail.ac.uk/lists/data-protection.html >> If you wish to leave this list please send the command >> leave data-protection to [log in to unmask] All user >> commands can be found at >> https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html >> Any queries about sending or receiving messages please send to the list owner >> [log in to unmask] >> Full help Desk - please email [log in to unmask] describing your needs >> To receive these emails in HTML format send the command: >> SET data-protection HTML to [log in to unmask] (all >> commands go to [log in to unmask] not the list please) >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This email and any attachments to it are intended solely for the individual to whom it is addressed. It may contain sensitive or confidential material and should be handled accordingly. However, it is recognised that, as an intended recipient of this email, you may wish to share it with those who have a legitimate interest in the contents. If you have received this email in error and you are not the intended recipient you must not disclose, distribute, copy or print any of the information contained or attached within it, all copies must be deleted from your system. Please notify the sender immediately. Whilst we take reasonable steps to identify software viruses, any attachments to this email may contain viruses which our anti-virus software has failed to identify. No liability can be accepted, and you should therefore carry out your own anti-virus checks before opening any documents. Please note: Information contained in this e-mail may be subject to public disclosure under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004. This message has been scanned for malware by Websense. www.websense.com ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Securing the future... - Improving services - Enhancing quality of life - Making best use of public resources. The information in this email is solely for the intended recipients. If you are not an intended recipient, you must not disclose, copy, or distribute its contents or use them in any way: please advise the sender immediately and delete this email. Perth & Kinross Council, Culture Perth and Kinross and TACTRAN do not warrant that this email or any attachments are virus-free and does not accept any liability for any loss or damage resulting from any virus infection. Perth & Kinross Council may monitor or examine any emails received by its email system. The information contained in this email may not be the views of Perth & Kinross Council, Culture Perth and Kinross or TACTRAN. It is possible for email to be falsified and the sender cannot be held responsible for the integrity of the information contained in it. Requests to Perth & Kinross Council under the Freedom of Information (Scotland) Act should be directed to the Freedom of Information Team - email: [log in to unmask] General enquiries to Perth & Kinross Council should be made to [log in to unmask] or 01738 475000. General enquiries and requests under the Freedom of Information (Scotland) Act to Culture Perth and Kinross should be made to [log in to unmask] or 01738 444949 General enquiries to TACTRAN should be made to [log in to unmask] or 01738 475775. Securing the future... - Improving services - Enhancing quality of life - Making best use of public resources. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^