18 June 2025

Data Sharing Agreements: checking compliance

By Chrissie Taylor, Information Governance Officer

A data sharing agreement (DSA) is an agreement between two data controllers which details what data will be shared, how it will be shared and the responsibilities and standards expected from each respective controller. A DSA is not to be confused with a data processing agreement, which is between a data controller and a data processor.

A DSA is an important document which can help organisations ensure they remain GDPR compliant whilst sharing data. Whilst not legally defined under GDPR, having a DSA in place can be beneficial if an organisation is going to be regularly sharing data with another controller. The DSA ensures that both parties are clear on what data is being shared, the lawful basis for sharing the information and the standards and security processes expected.

Role of Information Governance Professionals

As an information governance lead or data protection officer for your organisation, part of your regular responsibilities may include checking the compliance of a DSA or drafting one for use by your organisation. It is vital to know the key aspects that should be included in a DSA in order to provide assurance to colleagues within your organisation and to make sure any data sharing is compliant.

DSA Resources

For those who are familiarising themselves with the process of DSAs, the Information Commissioner’s Office has excellent resources on DSAs and the key aspects that should be included in them on its webpage.[1] Naomi Korn Associates has this checklist which can also be used if drafting a DSA to ensure that all the key elements have been included.

The checklist has three columns: one listing the key DSA requirement, one for comments and one for colour coding red, amber or green. This traffic light system can then be used at the evaluation stage to clearly identify any areas to be followed up on when feeding back to the author or whoever raised the DSA.

Documenting your analysis of the DSA in this way also provides a useful audit trail which can be used for future reference to demonstrate that due diligence was carried out for a particular data sharing activity.

For more information, please click here: Data Sharing & Contracts Courses | Naomi Korn


[1] Data sharing agreements | ICO
