- Before gaining access to a database, a contract between provider and the recipient of the data should define rights and responsibilities of each party involved in the transaction. This includes the definition of whether the purpose of the processing by the recipient is in line with the processing that the data subjects consented to before (compatibility test).
- Collect proof that substantial investments have been made for the creation of your database (not on the creation of data as such). This ensures the sui generis rights of the database which grant you the right to prevent others from using the database or extracting information from it.
- Be sure to have a legal basis for disclosure to third parties. Pass obligations on to recipients of data and make clear stipulations in the contracts between the parties involved.
- If you are considering the commercialization of data, make sure that the datasets do not contain any personal data (otherwise, commercialization would be illegal). You should ask as many experts as possible before commercializing data on your own.
- Consult with a data protection officer (if one has been appointed at your organization) or personal data protection specialists before the start of processing operations.