Beta This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Shared Workspace Business Manual

Using Shared Workspace: Using Shared Workspace Outside The European Economic Area (EEA)

 When using Shared Workspace with customer members outside the EEA, the Business Unit must consider the Data Protection Act.


The 8th principle of the Data Protection Act 1988 (DPA) states;

‘Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data’.


The Business Case

The Business Case should make it clear if,


  • Collaboration is intended with customers outside the EEA and,
  • It is intended to share personal data

Once the Business Case has been approved by the appropriate Board the Global Community Administrator (GCA) will ask for confirmation from the Business that the Customer Organisation is DPA compliant.


Data Guardian

When requesting the Data Usage Agreement the Business should advise the Data Guardian of the intended collaboration with an Organisation outside the EEA


Expansion of Shared Workspace

The Business Unit must inform the GCA as soon as there is an intention to expand Shared Workspace to include an Organisation outside the EEA or it becomes evident that an Organisation intends to out source all or part of their business to a location outwith the EEA.

The GCA will need confirmation from the Business Unit that they and their Data Guardian are satisfied that the organisation is DPA compliant.


Further information about the Data Protection Act is available on the Information Policy & Disclosure site