Data sharing

We often enter into data sharing agreements with third parties who deliver public services on our behalf under these agreements we may share your information with the third party in performance of our public task, we will only share your information when it is completely necessary to do so and only the minimum information will be shared. Instead of entering into specific data sharing agreements some are done via the Surrey Multi-Agency Information Sharing Protocol (MAISP) which provides a common understanding for all the agencies in Surrey to work to and is recommended for use where there is no context-specific protocol – all members of MAISP are bound by its principles.

Sharing information about individuals between public authorities is often essential if we need to keep people safe, or ensure they get the best services. This sharing must only happen when it is legal and necessary to do so and adequate safeguards are in place to protect the security of the information.

The Council will / may share your information within the Council to ensure that all our records about you are accurate, or where there is a necessity for different departments to provide a service to you.

Prevention of fraud and crime

We also collect, use and share Personal Data Interally and to other bodies responsible for auditing and administering public funds, or where undertaking a public function in order to detect fraud and protect public funds.  For example, we participate in the Cabinet Office’s National Fraud Initiative which compares computer records, usually personal information, to locate data differences as these may indicate potentially fraudulent claims and payments.  View further information regarding the National Fraud Initiative’s data matching exercise.

Further details on where we may share you information can be found in the privacy policy of the specific departments within the Council on the rights hand side of this page.

Transferring data outside of the EEA

The Council does not share data with organisations outside of the European Economic Area (EEA), however the Council is moving some of it’s IT systems to cloud based solutions, this could mean that a cloud server may be housed outside of the EEA.  Data must not be transferred to a Country or territory outside the EEA unless that Country or Territory protects the rights and freedoms of Data Subjects. Where the Council uses cloud based IT solutions it will always complete a Data Privacy Impact Assessment (DPIA) to identify exactly where the data is being stored and only when we are completely satisfied that the location is considered adequate by the member state will we adopt the service.