Data Sharing and Governance Act 2019 – the Highlights

Wednesday, 13 March 2019

The Data Sharing and Governance Act 2019 (the “Act”) was signed into law on 4 March 2019 and is awaiting commencement. The Act comes in the wake of the GDPR and Data Protection Act 2018 in order to clarify and strengthen the data sharing rights and obligations of public bodies. 

The Act paves the way for more efficient and cost effective service delivery by public bodies by providing a clear legal basis for the sharing of personal data in certain circumstances. The aim is to reduce the administrative burden associated with the need for individuals to provide their personal data to numerous public bodies. 

Data Sharing 

The Act allows for the sharing of personal data between public bodies where the sharing is for the performance of a function of either of the public bodies. The sharing must be carried out for one of a number of purposes which are set out in the Act. Examples are to verify the identity of a person or to avoid the administrative burden of collecting data directly from an individual. 

The Act only applies where there is no other law of the European Union permitting or requiring the sharing of the personal data. 

Where a public body shares data according to the Act, data sharing agreements must be put in place. The Act sets out the content of such agreements and specifically provides that these data sharing agreements must be reviewed every 5 years. 

The data sharing provisions do not apply to Special Category Data except in relation to Part 5 on public service pension schemes. Special Category Data is information about a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health or condition, sexual life or sexual orientation, genetic data or biometric data. Therefore, public bodies cannot use the Act as a basis for sharing this type of personal data. 

Unlike the GDPR, The Act does apply to deceased individuals.

Personal Data Access Portal 
The Act provides for the establishment of a personal data access portal. This is a portal that would allow individuals to view their personal data as well as information in relation to any data breaches affecting their personal data and data sharing agreements under which their personal data is processed. 

Base Registry

The Act allows the Minster to designate base registries for use by public bodies so that they can access personal data without having to collect it directly from service users. A base registry will have an owner who must ensure the personal data is accurate and up to date.  

Pension Schemes
 
The Act provides a legal basis for the sharing of personal data for the purposes of the administration of public service pension schemes in particular the Single Public Service Pension Scheme. 

Business Information
 
The Act is not confined to the sharing of personal data. The circumstances in which business information can be shared between public bodies in the performance of their functions are also set out. Part 6 of the Act also allows for the allocation of a “unique business identifier number” for the purpose of uniquely identifying any undertaking that has a transaction with a public body.


For more information on the above please contact Sean O'Donnell, Aislinn Cullen or any member of the ByrneWallace Data Protection Team.

To register for ByrneWallace updates click here, and follow us on LinkedIn.