Whilst crime partnerships, business improvement districts, national retailers and private security firms all do a great job in sharing the common goal of reducing business crime, gaping holes soon start to appear when we mention data sharing or the lack of it.
Data sharing between organisations has become an industry problem over recent years due to the introduction of GDPR and the fear organisations have around sharing data. This makes achieving the common goal of reducing business crime that little bit more difficult.
Navigating the data sharing code
The best place to start with understanding data sharing is of course the Information Commissioner's Office and the vast amounts of guidance they have on their website for organisations across multiple business sectors. To start off with some basics, before data is shared with third parties, answering some fundamental questions can help navigate this process.
SentrySIS system administrators should consider the following questions before sharing data.
• What is your objective in sharing data?
• What data are you sharing?
• What are the benefits and risks of sharing and not sharing?
• Do you have a DPIA (Data Protection Impact Assessment)?
• Do you have a data sharing agreement if sharing with third parties?
• What data protection principles are you sharing this data under?
• Is your data sharing fair and transparent?
• Under what lawful basis are you sharing this data?
• What policies do you have in place to allow data subjects to exercise their individual rights easily?
• How have you documented your decisions to share data and has your compliance been evidenced with data protection law?
• What quality checks have been placed on the data you are about to share?
• How often do you review your data sharing agreements?
• What data retention periods do you practice and how are these abided by?
These questions matter because they help our users abide by the law, uphold any legal, compliance or policy-based responsibilities they have and, ultimately, give them the confidence that data is shared in a fair and proportionate manner.
How does SentrySIS support administrators to stay GDPR compliant?
As data processors, we too have a series of legal responsibilities and internal policies that must be followed to ensure that we carry out our obligations under the Data Protection Act 2018.
Now that the UK has left the European Union, this also includes our duties in relation to UK GDPR rules and regulations.
Whilst most of these consist of policies, procedures and other documentation (all of which are available on request), others are feature-based controls within a SentrySIS platform.
These software functions are to better assist SentrySIS users and system administrators so that they too can meet their data protection and data sharing commitments.
Data Sharing Features
System administrators using SentrySIS can configure and adjust a series of data sharing settings within their installation to meet their organisation’s constitutional needs. This configuration also supports an organisation’s aspirations to share data safely with partner organisations - all within a GDPR compliant environment.
Once data sharing agreements have been exchanged and both organisations have requested and approved data sharing to be turned on in their systems, administrators can select any local profile, notification or incident (components) within their installation and share these with partner organisations. To ensure that GDPR protocols have been adhered to, administrators have the option to add some narrative and attach an additional text note to explain why this component has been shared in the first place.
The receiving organisation can now view these newly shared components within a dedicated ‘External’ tab within their own local SentrySIS installation and use the data for local analysis appropriately.
Other localised features to help administrators stay GDPR compliant include automatic scrubs (deletion) of profiles after a set time duration and the restriction of key components to administration viewing only (user-based role access).
Setting Up Data Sharing
Administrators can navigate to the Settings area of their local SentrySIS installation and click on Data Sharing. Here, they can request and accept data sharing activity with other SentrySIS installations (e.g. Share Your Data With Other Organisations? or Organisations That Would Like to Share With You).
Data sharing within SentrySIS can be revoked at any time, after which data sharing between the organisations is no longer possible.
SentrySIS has GDPR rules and compliance features built into its core for when organisations want to share data with partners. These include both policies and procedures in addition to software features giving system administrators full control of what data they share and with whom.
To find out more about GDPR, data sharing and the wider SentrySIS platform, please contact us for a free demonstration of the software.