 |
answer text |
<p>The Central Digital and Data Office, in the Cabinet Office, sets the policy and
leads the cross-government approach to the safe, ethical, legal and secure sharing
of government data. They work with the Government Security Group, who also lead on
the topic of Supply Chain Security.</p><p><strong> </strong></p><p>When sharing personal
data with third party organisations, departments must make sure data is used fairly,
lawfully and transparently, in compliance with the data protection principles set
in UK GDPR and the Data Protection Act 2018. This includes having the requisite data
protection controls and governance in place and working with vendors and partners
to identify and remediate any risks. All government contracts with suppliers must
consider the security of all information and set expectations for how it should be
protected.</p><p><strong> </strong></p><p>Departments are responsible for managing
their security risks, including the risks to their information that is held and processed
by authorised third-parties. The Government Security Standard, local security policies
and assurance frameworks such as the Cyber Assessment Framework set out how they should
do this. These frameworks and good practice have been collaboratively developed by
the Cabinet Office, the National Cyber Security Centre and Departments themselves.</p><p>
</p>
|
|
