Never automatically assume someone is entitled to the information just because they have told you they need it, regardless of whether they are an internal or external requester.
When dealing with third parties consider whether there are any data sharing agreements or contracts in place that cover the transfer of data. Check whether there are any stipulations in place regarding the method of transfer that should be used.
Think about whether a non-disclosure agreement is required to cover security and use of the data.
Check that you are not providing more information than is necessary for the identified purpose. Do not just send a whole document or spreadsheet because it is ‘easier’, when only one section or specific columns are required.
Can the objective / purpose be met using anonymised data instead?
Where possible use https://drop.digitsole.com, else consider the most appropriate (not necessarily the easiest) transfer or access method.
What risk does the transfer or access to information pose (if any)?
